Data copyright management system

ABSTRACT

A data copyright management system comprises a database for storing original data, a key control center for managing crypt keys, copyright management center for managing data copyrights, and a communication network for connecting these sections. Data supplied from the database to users is encrypted and distributed. The users decrypts the encrypted data by crypt keys obtained from the key control center or copyright management center. To supply data to users, there are the following two methods: a one way supplying of encrypted data to users by means of broadcasting or the like; and two-way supplying of encrypted data to users corresponding to users&#39; requests. A crypt key system used for encrypting data uses a secret-key cryptosystem, a public-key cryptosystem or a cryptosystem combining a secret-key and a public-key and further uses a copyright control program to control data copyrights. When a user stores, copies, or transfers data, the data is encrypted by a crypt key different from a crypt key used for supplying the data. The former crypt key is supplied from the key control center or from the copyright management center, or generated by the copyright control program. The present invention can be applied to a data copyright management system for using not only single data but also a plurality of data supplied from a single database or a plurality of data supplied from a plurality of databases. Further, an apparatus to be used by the user to perform data copyright management is proposed.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to a system for managing copyrightsfor using, storing, copying, editing, or transferring digital data,particularly in multimedia applications.

[0003] 2. Background Art

[0004] In the information-oriented society of today, database systemsare becoming wide spread in which it is possible to use various types ofdata, stored independently in each computer in the past, by connectingcomputers via communication lines.

[0005] In such a database system, the information handled up to thispoint has been conventionally coded information that can be processed bya computer, and that contains a relatively small amount of informationand monochrome binary data, such as facsimile information at most. It isnot possible to handle data containing a relatively large amount ofinformation, such as data for natural pictures or animation.

[0006] With the rapid progress of digital processing technique forvarious electric signals, a technique is under development for digitalprocessing of picture signals other than binary data, handled only asanalog signals in the past.

[0007] By digitizing the picture signal, it is possible to handle apicture signal, e.g., a television signal, by a computer. “Multimediasystems” is an emerging technology of the future capable ofsimultaneously handling the data handled by computers and digitizedpicture data.

[0008] Because picture data contains an overwhelmingly large amount ofinformation compared with character data and audio data, it is difficultto store or transfer or process the picture data by computer. For thisreason, techniques for compressing or expanding picture data have beendeveloped. Further, several standards for compression/expansion ofpicture data have been established. For example, the following standardshave been established as common standards: JPEG (Joint Photographicimage coding Experts Group) standards for still pictures, H.261standards for video conferences, MPEG1 (Moving Picture image codingExperts Group 1) standards for picture accumulation, and MPEG2 standardsfor current television broadcasting and high definition televisionbroadcasting. By using these new techniques, it is now possible totransmit digital picture data in real time.

[0009] For analog data, which has been widely used in the past, thecontrol of copyrights during processing has not been an important issuebecause the quality of the analog data deteriorates each time the datais stored, copied, edited, or transferred, the editing of a copyrightproduced due to the above operation has not been a large problem.However, the quality of digital data does not deteriorate when the datais repeatedly stored, copied, edited, or transferred. Therefore, themanagement and control of copyrights during processing of digital datais an important issue.

[0010] Up to now, there has been no adequate method for management andcontrol of copyrights for digital data. It has been managed andcontrolled merely by copyright law or by contracts. In copyright law,only compensation for digital sound or picture recording devices hasbeen prescribed.

[0011] It is possible not only to refer to the content of a database,but also to effectively utilize the data obtained from the database bystoring, copying, or editing the data, and also transferring the editeddata to the database with the edited data registered as new data.Further, it is possible to transfer edited data to other persons via acommunication link or by a proper recording medium.

[0012] In a conventional database system, only character data ishandled. However, in multimedia systems, sound data and picture dataoriginally generated as analog data, are digitized and used as part ofthe database in addition to the other data in the database such ascharacter data.

[0013] Under such circumstances, it is an important question todetermine how to handle copyrights of the data in the database. However,there are no means in the prior art for copyright management and controlof such actions as copying, editing, transferring, etc. of data.

[0014] The inventors of the present invention proposed a system forcopyright management, wherein a permit key is obtained from a keycontrol center via a public telephone line in Japanese Patent Laid-OpenNo. 46419/1994 and Japanese Patent Laid-Open No. 141004/1994. JapanesePatent Laid-pen No. 132916/1994 to the same inventors also discusses anapparatus for copyright management and control.

[0015] The database copyright management system of the priorapplications use one or any combination of the copyright controlprogram, the copyright information, and the copyright control message inaddition to a permit key corresponding to a request.

[0016] The copyright control message is displayed on a screen andadvises or warns the user if the data is utilized in a mannerinconsistent with the user's request permission. The copyright controlprogram watches and controls data use so that the data is not utilizedbeyond the conditions of the user's request or permission.

[0017] The copyright control program, the copyright information and thecopyright control message are supplied together with a permit key insome cases, but they may be supplied with data in other cases. It isalso possible to supply a part of them together with the permit key, andto supply the other part with the data.

[0018] For the data, the permit key, the copyright control message, thecopyright information, or the copyright control program, there are thefollowing three cases: they are transmitted in encrypted form anddecrypted upon use; they are transmitted in encrypted form and decryptedonly when they are displayed; or they not encrypted at all.

SUMMARY OF THE INVENTION

[0019] The present invention provides a data copyright management systemcomprising a database for storing original data, a key control centerfor managing a crypt key, a copyright management center for managing adata copyright. A communication network is provided to connect thedatabase, the key control center, and the copyright management center,wherein data from the database is encrypted and the user decrypts thedata with a crypt key obtained from the key control center or thecopyright management center.

[0020] For supplying data to a user, there are the following twomethods: a one-way communication of encrypted data to the user such asby broadcasting; and a two-way communication of encrypted data to theuser in accordance with the user's request.

[0021] Different schemes are available for a cryptographic system: asecret-key cryptosystem, a public-key cryptosystem, or a systemcombining a secret-key and a public-key. A cryptographic system furtheruses a copyright control program for managing data copyrights.

[0022] When a user stores, copies, or transmits data, the data isencrypted by a crypt key, which is obtained from the key control centeror from the copyright management center, or generated by the copyrightcontrol program.

[0023] The present invention can be applied to copyright control notonly a single data value but also a plurality of data values from asingle database or a plurality of data values supplied from a pluralityof databases. Further, an apparatus is also proposed for performing datacopyright management.

BRIEF DESCRIPTION OF THE DRAWINGS

[0024]FIG. 1 illustrates a data copyright management system forembodiments 1,2, and 3 of the present invention.

[0025]FIG. 2 illustrates a data copyright management system ofembodiment 4 of the present invention.

[0026]FIG. 3 illustrates a data copyright management system for Xembodiments 5,6, and 7 of the present invention.

[0027]FIG. 4 illustrates a data copyright management system forembodiments 8,9, 10 and 11 of the present invention.

[0028]FIG. 5 illustrates a data copyright management system forembodiments 12 and 13 of the present invention.

[0029]FIG. 6 is an illustration for data editing.

[0030]FIG. 7 is an illustration showing a digital cash system.

[0031]FIG. 8 illustrates a digital cash system for embodiments 17 and 18of the present invention.

[0032]FIG. 9 illustrates a video conference system for embodiment 19 ofthe present invention.

[0033]FIG. 10 illustrates an embodiment of a user terminal used for thedata copyright management system of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

[0034] The present invention is a database copyright management systemdescribed with respect to multimedia applications. In the followingdescription, numerous specific details are set forth to provide a morethorough description of the present invention. It will be apparent,however, to one skilled in the art, that the present invention may bepracticed without these specific details. In other instances, well knownfeatures have not been described in detail so as not to obscure thepresent invention.

[0035] The cryptography system, in general, includes a secret-keycryptosystem and a public-key cryptosystem. The secret-key cryptosystemis a cryptosystem in which the same crypt key is used for encryption anddecryption. Although this cryptosystem requires relatively shorter timefor encryption or decryption, once the secret-key is known, the cryptioncan be cryptanalyzed.

[0036] The public-key cryptosystem is a cryptosystem which provides twokeys: a key for encryption open to the public as a public-key and a keyfor decryption not open to the public. The key for encryption isreferred to as a public key and the key for decryption is referred to asa private key. A party transferring information encrypts the informationwith a public-key of a receiving party and the receiving party decryptsthe information with a private-key. While this cryptosystem requiresrelatively longer time for encryption or decryption, the private-key ishard to find and it is very difficult to cryptanalyze the cryption.

[0037] In the cryptography, the encryption of a plaintext M with a cryptkey K to obtain a cryptogram C is expressed as

[0038] C=E(K, M)

[0039] and the decryption of the cryptogram C with the cryptographic keyK to obtain the plaintext M is expressed as

[0040] M=D(K, C).

[0041] The cryptosystem used for the present invention uses a secret-keycryptosystem in which the same secret-key Ks is used for encryption anddecryption, and a public-key cryptosystem in which a public-key Kb isused for encryption of a plaintext and a private-key Kv is used fordecryption of a cryptogram.

[0042] In Japanese Patent Application No. 64889/1994, the presentinventors proposed a copyright management method for primary utilizationof digital data such as display (including sound) or storage of thedigital data in a database system including real-time transmission of adigital picture as well as secondary utilization of the digital datasuch as copying, editing, or transferring of the digital data.

[0043] The present invention applies the data copyright managementmethod proposed in the Japanese Patent Application No. 64889/1994 toprovide a data copyright management system.

EMBODIMENT 1

[0044]FIG. 1 shows the first embodiment of the data copyright managementsystem of the present invention. The first embodiment uses thesecret-key system as a crytosystem.

[0045] The embodiment of FIG. 1 comprises database 1 in which text data,binary data serving as a computer graphic display or a computer program,digital audio data, and digital picture data are stored in encryptedform, space satellite 2 such as a communications satellite or abroadcasting satellite, data recorder 3 such as a CD-ROM or a flexibledisk, communication network 8 such as a public telephone line offered bya communication enterprise or a CATV (cable TV) line offered by a cabletelevision enterprise, primary user terminal 4, key control center 9 formanaging a secret-key, and copyright management center 10 for managingdata copyrights.

[0046] Reference numerals 5, 6, and 7 represent a secondary userterminal, a tertiary user terminal, and n-order user terminalrespectively, and 11, 12, and 13 represent a secondary disk, tertiarydisk, and n-order disk serving as a recording medium such as a flexibledisk or CD-ROM respectively. The symbol “n” represents an optionalinteger. When “n” is larger than 4, a corresponding user terminal and acorresponding disk are arranged between tertiary user terminal 6 and then-order user terminal 7 and between the tertiary disk 12 and the n-orderdisk 13 respectively.

[0047] In the above arrangement, database 1, key control center 9,copyright management center 10, primary user terminal 4, secondary userterminal 5, tertiary user terminal 6, and n-order user terminal 7 areconnected to communication network 8.

[0048] In FIG. 1, the broken line indicates encrypted data flow, thesolid line indicates requests from each user terminal, and the one-dotchain line indicates authorization information corresponding to autilization request and a secret-key are transferred.

[0049] When the user is entered in the system, a database utilizationsoftware is given to the user. The database utilization softwareincludes not only normal communication software such as a datacommunication protocol but also a program for running a copyrightcontrol program.

[0050] Original data M0 such as text data, binary data as a computergraphic display or computer program, digital audio data, or digitalpicture data stored in database 1 or data recording medium 3 is one-waysupplied to primary user terminal 4 via the satellite 2 or recordingmedium 3. In this case, the data is encrypted with a first secret-keyKs1:

[0051] Cm0ks1=E(Ks1, M0).

[0052] Even if data is offered free of charge to public, it is necessaryto encrypt the data in order to protect the copyright.

[0053] Japanese Patent Application No. 64889/1994 discloses that thedata utilization includes not only displaying of data but also storing,editing, copying, and transferring of the data, and that a use permitkey is prepared for one or several forms of use and its management isexecuted by the copyright control program. It is further described inthe Japanese application that data is encrypted again by the copyrightcontrol program for storing, copying, editing and transferring of thedata other than display and edit operations. Thus, the data is encryptedfor distribution, and decrypting is performed only when for display oredit operations in a user terminal with a copyright handling capability.

[0054] This embodiment applies the method described above in the priorapplication.

[0055] A primary user who desires primary utilization of the encrypteddata Cm0ks1 makes a request by sending the original data name or theoriginal data number to key management center 9 via communicationnetwork 8 from primary user terminal 4. In this case, the primary usermust present information Iu1 for primary user to key management center9.

[0056] Key management center 9 receiving the primary utilization requestfrom primary user terminal 4 transfers the first secret-key Ks1 fordecrypting the encrypted original data Cm0ks1 obtained from database 1by the primary user and the second secret-key Ks2 for re-encrypting thedecrypted original data M0 or edited data M1 from the original data,together with a copyright control program P via communication network 8to primary user terminal 4.

[0057] In primary user terminal 4 receiving the first secret-key Ks1 asa decryption key and the second secret-key Ks2 as anencryption/decryption key, the encrypted original data Cm0ks1 isdecrypted by using the copyright control program P and the firstsecret-key Ks1 to use the decrypted original data M0 directly or data M1as edited.

[0058] M0=D(Ks1, Cm0ks1)

[0059] When the data M, which can be the original data M0 or edited dataM1, is stored in a memory or a built-in hard disk drive of primary userterminal 4, only the primary user can use the data. However, when thedata M is copied to external recording medium 11 such as a flexible diskor transmitted to secondary user terminal 5 via communication network 8,a copyright problem due to secondary utilization might occur.

[0060] When the original data M0 obtained by a primary user is directlycopied and supplied to a secondary user, the copyright of the primaryuser is not affected on the data M0 because the original data M0 is notmodified at all. However, when the primary user produces new data M1 byediting the obtained data or by using other methods such as combiningwith other data, the copyright of the primary user, i.e., secondaryexploitation right for secondary utilization of original data, isaffected on the data M1.

[0061] Similarly, when a secondary user produces new data M2 by editingthe original data M0 or edited data M1 obtained from the primary user bymethods such as combining with other data, the copyright of thesecondary user; i.e., secondary exploitation right on the secondary useris also effected.

[0062] In this embodiment, in order to protect the copyrights, the dataM is encrypted by the second secret-key Ks2 using the copyright controlprogram P when the data M is stored, copied, or transferred. Thereafter,in primary user terminal 4, the data M is decrypted and encrypted by thesecond secret-key Ks2:

[0063] Cmks2=E(Ks2, M)

[0064] M=D(Ks2, Cmks2).

[0065] It is also possible to limit the number of repeated operations bythe copyright control program.

[0066] When the data M is copied to external recording medium 11 ortransmitted via communication network 8, the first secret-key Ks1 andthe second secret-key Ks2 in primary user terminal 4 are disused by thecopyright control program P. Therefore, in order to reuse the data M,the primary user needs to request for utilization of the data M to keycontrol center 9 to reobtain the second secret-key Ks2.

[0067] If the user receives the regrant of the second secret-key Ks2,that represents secondary utilization of data in which the data M hasbeen copied to external recording medium 11 or transmitted to secondaryuser terminal 5 via communication network 8. Therefore, the fact isregistered in copyright management center 10 from key control center 9and subsequent secondary utilization comes possible.

[0068] The data M is moved from primary user terminal 4 to secondaryuser terminal 5 by external recording medium 11 or communication network8. When the data M is copied to external recording medium 11 ortransmitted via communication network 8, it is encrypted by the secondsecret-key Ks2.

[0069] When the data M is copied to external recording medium 11 andtransmitted via communication network 8, the first secret-key Ks1 andthe second secret-key Ks2 in primary user terminal 4 are disused. Inthis case, uncrypted primary user information Iu1 is added to theencrypted data Cmks2 stored in primary user terminal 4 and when theencrypted data Cmks2 is transmitted to a secondary user, the primaryuser information Iu1 is also transferred.

[0070] A secondary user who desires secondary utilization of theencrypted data Cmks2 copied or transmitted from a primary user mustpresent original data name or data number to copyright management center10 via communication network 8 by secondary user terminal 5 and alsopresent the secondary user information Iu2 to request secondaryutilization of the data Cmks2 to the center 10. In this case, thesecondary user further presents the uncrypted primary user informationIu1 added to the encrypted data Cmks2 in order to clarify therelationship with the primary user.

[0071] Copyright management center 10 confirms that the primary user hasreceived a regrant of the second secret-key Ks2 for secondaryutilization of the data, in accordance with the presented primary userinformation Iu1. Copyright management center 10, then, transfers thesecond secret-key Ks2 serving as a decryption key and the thirdsecret-key Ks3 serving as an encryption/decryption key to secondary userterminal 5 via communication network 8.

[0072] In secondary user terminal 5 receiving the second secret-key Ks2and the third secret-key Ks3, the encrypted data Cmks2 is decryptedusing the second secret-key Ks2 by the copyright control program P

[0073] M=D(Ks2, Cmks2)

[0074] and is secondarily utilized for display or edit operations.

[0075] In this embodiment, key control center 9 processes a primaryutilization requests and copyright management center 10 processes asecondary utilization requests. While the data M supplied to a primaryuser is encrypted by the first secret-key Ks1, the data M supplied to asecondary user is encrypted by the second secret-key Ks2. Further, thefirst secret-key Ks1 and the second secret-key Ks2 are transferred tothe primary user as crypt keys from key control center 9.

[0076] Therefore; if the secondary user, instead of the primary user,falsely makes a request for primary utilization to key control center 9,the first secret-key Ks1 for decryption and the second secret-key Ks2for encryption/decryption are transferred to the secondary user.However, the secondary user cannot decrypt the encrypted data Cmks2 byusing the first secret-key Ks1 transferred as a decryption key.

[0077] Therefore, it is impossible to falsely request for datautilization and as a result, not only the original copyright of data butalso the copyright of the primary user on the data are protected.

[0078] When storing, copying, or transferring of the data M other thandisplaying and displaying for editing is performed in secondary userterminal 5, the data M is encrypted using the third secret-key Ks3 bythe copyright control program P and thereafter, the data is decryptedand encrypted by the third secret-key Ks3:

[0079] Cmks3=E(Ks3, M)

[0080] M=D(Ks3, Cmks3).

[0081] Further, it is free in principle that a secondary user displaysand edits data to obtain the edited data M2. In this case, it ispossible to limit the repetitions of the operation by the copyrightcontrol program P.

[0082] When the data M is copied to external recording medium 12 ortransmitted via communication network 8, the second secret-key Ks2 andthe third secret-key Ks3 in secondary user terminal 5 are disused by thecopyright control program P. Therefore, in order to reuse the data M,the secondary user makes a request for the utilization of the data tocopyright management center 10 to reobtain the third secret-key Ks3.

[0083] The fact that the secondary user receives a regrant of the thirdsecret-key Ks3 represents secondary utilization of data in which thedata M has been copied to external recording medium 12 or transmitted totertary user terminal 6 via communication network 8. Therefore, the factis entered in copyright management center 10 and allows the secondaryuser for further data use.

[0084] The data M is moved from secondary user terminal 5 to tertiaryuser terminal 6 by external recording medium 12 or by communicationnetwork 8. When the data M is copied to external recording medium 12 ortransmitted via communication network 8, it is encrypted by the thirdsecret-key Ks3.

[0085] When the data M is copied to external recording medium 12 ortransmitted to tertiary user terminal 6 via communication network 8, thesecond secret-key Ks2 and the third secret-key Ks3 in secondary userterminal 5 are disused. In this case, the uncrypted secondary userinformation Iu2 is added to the encrypted data Cmks3 stored in secondaryuser terminal 5, and when the encrypted data Cmks3 is transmitted to atertiary user, the secondary user information Iu2 is also transferred.

[0086] For adding user information to data, there are the following twocases: every information is added to data whenever it is copied ortransmitted; and the history updated whenever the data is copiedor.transmitted is stored in the copyright management center.

[0087] A tertiary user who desires tertiary utilization of the encrypteddata Cmks3 copied or transmitted from the secondary user must presentoriginal data name or number to copyright management center 10 from atertiary user terminal 6 via communication network 8 together with thetertiary user information Iu3 to request tertiary utilization of thedata. In this case, the tertiary user further presents the uncryptedsecondary user information Iu2 added to the encrypted data Cmks3 inorder to show the relationship with the secondary user.

[0088] Copyright management center 10 confirms that the secondary userhas received a regrant of the third secret-key Ks3 for tertiaryutilization of the data, in accordance with the presented secondary userinformation Iu2. Copyright management center 10, then, transfers thethird secret-key Ks3 serving as a decryption key and the fourthsecret-key Ks4 serving as an encryption/decryption key to tertiary userterminal 6 via communication network 8.

[0089] In tertiary user terminal 6 receiving the third secret-key Ks3and the fourth secret-key Ks4, the encrypted data Cmks3 is decryptedusing the third secret-key Ks3 by the copyright control program P

[0090] M=D(Ks3, Cmks3)

[0091] and is tertiarily utilized for operations such as display oredit.

[0092] In this embodiment, the data M supplied to a primary user isencrypted by the first secret-key Ks1 and the data M supplied to asecondary user is encrypted by the second secret-key Ks2, and the data Msupplied to a tertiary user is encrypted by the third secret-key Ks3.

[0093] Therefore, if the tertiary user, instead of the primary user,falsely sends a request for primary utilization to key control center 9,the first secret-key Ks1 for decryption and the second secret-key Ks2for encryption/decryption are transferred to the tertiary user. However,it is impossible to decrypt the encrypted data Cmks3 by the firstsecret-key Ks1 transferred as a decryption key. Further, if the tertiaryuser, instead of the secondary user, falsely sends a request forsecondary utilization to key control center 9, the second secret-key Ks2and the third secret-key Ks3 are transferred to the tertiary user as adecryption key and an encryption/decryption key respectively. However,it is impossible to decrypt the encrypted data CmKs3 by the secondsecret-key Ks2 transferred as a decryption key.

[0094] Therefore, it is impossible to falsely request data utilization.As a result, not only the original copyright of the data but also thecopyrights of the primary and secondary users on the data are protected.

[0095] The same procedure is applied to quaternary and subsequentutilization.

[0096] In the above described embodiment, database 1, key control center9, and copyright management center 10 are separately arranged. However,it is not always necessary to arrange them separately. It is alsopossible to arrange all of or two of them integrally.

[0097] Further, it is also possible to send a request for a regrant of asecondary crypt key from the primary user to copyright management center10 instead of to key control center 9 as described in the aboveembodiment.

EMBODIMENT 2

[0098] Though the structure of this embodiment is mostly the same asthat of the embodiment 1, a copyright control program and, if required,first and second secret-keys are encrypted and supplied.

[0099] Also in the case of this embodiment, similarly to the case of thefirst embodiment, original data is encrypted and supplied in a one-waycommunication to a user from a single database and the user selectsdesired data out of the original data.

[0100] Because the system structure used for the second embodiment isthe same as that of embodiment 1 shown in FIG. 1, description of thesystem structure is omitted.

[0101] In this embodiment, the original data M0 stored in database 1 issupplied in a one-way communication to primary user terminal 4 via thesatellite 2, recording medium 3, or communication network 8. The data M0is encrypted by the first secret-key Ks1:

[0102] Cm0ks1=E(Ks1, M0).

[0103] A primary user who desires primary utilization of the suppliedencrypted data Cm0ks1 sends a request for the primary utilization of theencrypted original data Cm0ks1 to key control center 9 by using primaryuser terminal 4 and presenting an original data name or an original datanumber via communication network 8. In this case, the primary user mustpresent the primary user information Iu1 to key control center 9.

[0104] The key management 9 receiving the request of the primaryutilization of the encrypted original data Cm0ks1 generates a secret-keyKsu1 unique to the primary user using the primary user information Iu1and transfers it to copyright management center 10.

[0105] Copyright management center 10 receives the secret-key Ksu1 andencrypts the copyright control program P by using the secret-key Ksu1which is unique to the primary user.

[0106] Cpksu1=E(Ksu1, P)

[0107] Copyright management center 10 transfers the encrypted copyrightcontrol program Cpksu1 to key control center 9. The encrypted copyrightcontrol program Cpksu1 thus generated-is unique to the primary user.

[0108] Key control center 9 transfers the first secret-key Ks1 fordecryption and the second secret-key Ks2 for decryption/encryption toprimary user terminal 4 via communication network 8, together with theencrypted copyright control program Cpksu1 received from copyrightmanagement center 10.

[0109] In primary user terminal 4 receiving the encrypted copyrightcontrol program Cpksu1, first secret-key Ks1, and second secret-key Ks2,database system software S previously distributed generates a primaryuser unique secret-key Ksu1 in accordance with the primary userinformation Iu1:

[0110] Ksu1−S(Iu1),

[0111] An encrypted copyright control program Cpksu1 is decrypted by thegenerated primary user unique secret-key Ksu1:

[0112] P=D(Ksu1, Cpksu1),

[0113] the encrypted original data Cm0ks1 is decrypted by the firstsecret-key Ks1 using the copyright control program P:

[0114] M0=D(Ks1, Cm0ks1),

[0115] and the decrypted original data M0 directly or edited data M1 isused.

[0116] When the data M such as the original data M0 or edited data M1 isstored, copied, or transferred, it is encrypted by the copyright controlprogram P using the secret-key Ks2, and thereafter the data M isdecrypted and encrypted in primary user terminal 4 by the secondsecret-key Ks2:

[0117] Cmks2=E(Ks2, M)

[0118] M=D(Ks2, Cmks2).

[0119] When the data M is copied to external recording medium 11 or thedata is transmitted via communication network 8, the first secret-keyKs1 and the second secret-key Ks2 in primary user terminal 4 are disusedby the copyright control program P. Therefore, when the primary useruses the data M again, the user sends a request for utilization of thedata M to key control center 9 to reobtain the second secret-key Ks2.

[0120] The fact that the primary user receives a regrant of the secondsecret-key Ks2 represents secondary utilization of data in which thedata M has been copied to external recording medium 11 or transmitted tosecondary user terminal 5 via communication network 8. Therefore, thisis entered in copyright management center 10 from key control center 9and thereafter, secondary utilization of the data can be made.

[0121] The data M is moved from primary user terminal 4 to secondaryuser terminal 5 by external recording medium 11 or by communicationnetwork 8.

[0122] When the data M is copied to external recording medium 11 ortransmitted via communication network 8, it is encrypted by the secondsecret-key Ks2.

[0123] When the data M is copied to external recording medium 11 ortransmitted via communication network 8, the first secret-key Ks1 andthe second secret-key Ks2 in primary user terminal 4 are disused. Inthis case, the uncrypted information Iu1 on a primary user is added tothe encrypted data Cmks2 stored in primary user terminal 4. Therefore,when the encrypted data Cmks2 is transmitted to a secondary user, theprimary user information Iu1 is also transferred to the user.

[0124] A secondary user who desires secondary utilization of theencrypted data Cmks2 copied or transmitted from the primary user mustdesignate a data name or number added to the original data to copyrightmanagement center 10 via communication network 8 by secondary userterminal 5 and also present a secondary user information Iu2 to requestfor the secondary utilization of the data to the center 10. In thiscase, the secondary user further presents the uncrypted primary userinformation Iu1 added to the encrypted data Cmks2 in order to clarifythe relationship with the primary user.

[0125] Copyright management center 10 confirms that the primary user hasreceived a regrant of the secondary secret-key Ks2 forsecondary-utilizing the data in accordance with the presented primaryuser information Iu1 and then, generates a secret-key Ksu2 unique to thesecondary user in accordance with the presented secondary userinformation Iu2.

[0126] Copyright management center 10 encrypts the copyright controlprogram P by the secondary user unique secret-key Ksu2

[0127] Cpksu2=E(Ksu2, P)

[0128] and transfers the encrypted copyright control program Cpksu2,second secret-key Ks2 serving as a decryption key, and third secret-keyKs3 serving as an encryption/decryption key via communication network 8to secondary user terminal 5.

[0129] Further, the information Iu1 for a primary user may be added tothe encrypted copyright control program Cpksu2.

[0130] In secondary user terminal 5 receiving the second secret-key Ks2and the third secret-key Ks3, database utilization software generates asecondary user unique secret-key Ksu2 in accordance with the secondaryuser information Iu2

[0131] Ksu2=S(Iu2),

[0132] and an encrypted copyright control program Cpksu2 by thegenerated secondary user unique secret-key Ksu2

[0133] P=D(Ksu2, Cpksu2),

[0134] the encrypted original data Cmks2 is decrypted by the secondsecret-key Ks2 using the decrypted copyright control program P

[0135] M=D(Ks2, Cmks2),

[0136] and the decrypted data M directly or by editing it is used.

[0137] Thus, by generating a crypt key unique to a user in accordancewith the information of the user requests for utilization, andencrypting a copyright control program by the generated user uniquecrypt key, the security of a data copyright management system isimproved.

[0138] Further, by encrypting each secret-key to be supplied to a user,using the user unique crypt key, the security of the data copyrightmanagement system can be further improved.

EMBODIMENT 3

[0139] As still another method for solving the copyright problem causedwhen the data M is copied to external recording medium 11 or transmittedvia communication network 8 in the system shown in FIG. 1, it ispossible to limit the primary utilization request by a user of primaryuser terminal 4 to only for permits of displaying, storing and editingso that other utilization such as copying and transferring cannot beauthorized except by separate requests, and disuse the first secret-keyKs1 and the second secret-key Ks2 in primary user terminal 4 when thedata M is copied to external recording medium 11 or transmitted tosecondary user terminal 5 via communication network 8.

[0140] Thus, it is possible for copyright management center 10 to moresecurely control copy or transfer operations of the data M.

EMBODIMENT 4

[0141]FIG. 2 shows a structure of embodiment 4 of the data copyrightmanagement system of the present invention. In FIG. 1, encrypted data isone-way supplied via the satellite 2, recording medium 3, orcommunication network 8. In embodiment 2, however, encrypted data issupplied in a two-way communication in accordance with a request fromthe primary user 4.

[0142] This embodiment uses the public-key cryptosystem as a crypt keysystem. It is possible that embodiment 2 can be applied for a satellitebroadcast, ground wave broadcast, CATV broadcast or a recording mediumother than a database as data supply means provided with advertisementrequiring no charge or encryption.

[0143] In the system shown in FIG. 2 similarly to the system shown inFIG. 1, reference numeral 1 represents a database, 4 represents aprimary user terminal, 5 represents a secondary user terminal, 6represents a tertiary user terminal, and 7 represents an n-order userterminal.

[0144] Reference numeral 14 represents a secondary copyright managementcenter, 15 represents a tertiary copyright management center, 16represents an n-order copyright management center, 8 represents acommunication network such as a public telephone line offered by acommunication enterprise or a CATV line offered by a cable televisionenterprise.

[0145] In the above arrangement, database 1, primary user terminal 4,secondary user terminal 5, tertiary user terminal 6, n-order userterminal 7, secondary copyright management center 14, tertiary copyrightmanagement center 15, and n-order copyright management center 16 areconnected to communication network 8. They can also be connected to eachother.

[0146] In FIG. 2, the broken line represents a path for encrypted data,the solid line represents a path of requests from each user terminal,the one-dot chain line represents a path through which authorizationinformation sent from each database corresponding to a utilizationrequest and a crypt key are transferred, and a two-dot chain linerepresents a path through which copyright information is transferredfrom the database or each copyright management center database to anext-order copyright management center database.

[0147] Each user who uses this system is previously entered in adatabase system and in this time, database utilization software isprovided to the user. The database utilization software includes aprogram for decrypting an encrypted copyright control program inaddition to normal communication software such as a data communicationprotocol.

[0148] To use database 1, a primary user must prepare primary-userauthentication data Au1, a first public-key Kb1, a first private-key Kv1corresponding to the first public-key Kb1, a second public-key Kb2, anda second private-key Kv2 corresponding to the second public-key Kb2, andaccesses database 1 from primary user terminal 4 via communicationnetwork 8.

[0149] Database 1 receives the primary-user authentication data Au1,first public-key Kb1 and second public-key Kb2 from the primary user,confirms the primary-user authentication data Au1, and transfers theconfirmed primary-user authentication data Au1 to the secondarycopyright management center 14 as the primary user information Iu1.

[0150] Database 1 prepares two secret-keys, i.e., the first secret-keyKs1 and the second secret-key Ks2. The two secret-keys may be preparedby using key control center 9 of embodiment 1 shown in FIG. 1.

[0151] In the prepared first secret-key Ks1 and second secret-key Ks2,the second secret-key Ks2 is also previously transferred to thecopyright management center 14.

[0152] As the result of the transfers, the primary user information Iu1corresponding to primary utilization, original copyright information Icand the second secret-key Ks2 are stored in the copyright managementcenter 14. In this case, the original copyright information Ic is usedfor copyright royalties distribution.

[0153] When a primary user who desires data utilization accessesdatabase 1 from primary user terminal 4, a data menu is transferred tohim. In this case, information for charges may be displayed togetherwith the data menu.,

[0154] When the data menu is transferred, the primary user retrieves inthe data menu to select the data M. In this case, the original copyrightinformation Ic of the selected data M is transmitted to the copyrightmanagement center 14.

[0155] The original data M0 is read out of database 1 in accordance witha request of a primary user. The original data M0 is then encrypted bythe first secret-key Ks1:

[0156] Cm0ks1=E(Ks1, M0).

[0157] The encrypted data Cm0ks1 is provided with the uncrypted originalcopyright information Ic.

[0158] The first secret-key Ks1 is encrypted by the first public-key Kb1and the second secret-key Ks2 is encrypted by the second public-key kb2:

[0159] Cks1kb1=E(Kb1, Ks1)

[0160] Cks2kb2=E(Kb2, Ks2).

[0161] While the copyright control program P is also encrypted by thesecond public-key Ks2

[0162] CpKs2=E(Ks2, P),

[0163] the copyright control program P may not be encrypted by thesecond secret-key Ks2, but it may be encrypted by any other proper cryptkey.

[0164] The encrypted original data Cm0ks1, encrypted copyright controlprogram Cpks2, and two encrypted secret-keys Cks1kb1 and Cks2kb2 aretransferred to primary user terminal 4 via communication network 8, andthe user is charged for the service, if necessary.

[0165] It is possible to store the encrypted copyright control programCpks2 in a storage device such as ROM in the user terminal 4 instead ofbeing supplied from database 1.

[0166] The primary user receiving the encrypted original data Cm0ks1,two encrypted secret-keys Cks1kb1 and Cks2kb2, and encrypted copyrightcontrol program Cpks2 from database 1 decrypts the encrypted firstsecret-key Cks1kb1 by the database utilization software using the firstprivate-key Kv1 corresponding to the first public-key Kb1:

[0167] Ks1 D(Kv1, Cks1kb1),

[0168] and decrypts the encrypted second secret-key Cks2kb2 using thesecond private-key Kv2 corresponding to the second public-key Kb2:

[0169] Ks2=D(Kv2, Cks2kb2).

[0170] The primary user decrypts the encrypted copyright control programCpks2 using the decrypted second secret-key Ks2:

[0171] P=D(Ks2, Cpks2).

[0172] Finally, the primary user decrypts the encrypted data Cm0ks1 bythe decrypted copyright control program P using the decrypted firstsecret-key Ks1:

[0173] M0=D(Ks1, Cm0ks1)

[0174] and uses the decrypted original data M0 or data M1 as edited.

[0175] As described above, the first private-key Kv1 and secondprivate-key Kv2 are crypt keys prepared by the primary user, but thekeys are not known to others. Therefore, even if a third party obtainsthe data M, it is impossible to use the encrypted data M by decryptingit.

[0176] Thereafter, the data M such as the original data M0 or the editeddata M1 is encrypted and decrypted by the second secret-key Ks2 foroperations such as store, copy, or transmit:

[0177] Cmks2 E(Ks2, M)

[0178] M=D(Ks2, Cmks2).

[0179] The decrypted second secret-key Ks2 is thereafter used as a cryptkey for encrypting/decrypting data for storing, copying, or transferringthe data.

[0180] The first private-key Kv1 and second private-key Kv2, the firstsecret-key Ks1 and second secret-key Ks2, the data M, the copyrightcontrol program P, the original copyright information Ic, and also theoriginal copyright information Ic and secondary copyright informationIc1 for information of the primary user and the date and time of editoperations by the primary user are stored in primary user terminal 4.

[0181] It is further protected by attaching the copyright informationIc1 to the data as copyright information label, and adding the digitalsignature.

[0182] The encrypted data Cmks2 is encrypted before distribution. Sincethe copyright information label provides a due to obtain the secondsecret-key Ks2 which is the key for decryption, the second secret keyKs2 cannot be obtained when the copyright information label is removedfrom the encrypted data Cmks2.

[0183] When the encrypted data Cmks2 is stored in primary user terminal4, the second secret-key Ks2 is stored in the terminal 4. However, whenthe encrypted data Cmks2 is not stored in primary user terminal 4 but iscopied to the recording medium 11 or transmitted to secondary userterminal 5 via communication network 8, the second secret-key Ks2 isdisused in order to prevent subsequent utilization of the data inprimary user terminal 4.

[0184] In this case, it is possible to set a limit on the number ofrepeated operations such as copy or transfer of the data so that thesecond secret-key. Ks2 is not disused within limited repetitions ofcopying and transferring of the data.

[0185] A primary user who is going to copy the data M to externalrecording medium 11 or transmit the data M via communication network 8must prepare the second secret-key Ks2 to encrypt the data M by thissecond secret-key Ks2 before copying or transferring the data:

[0186] Cmks2=E(Ks2, M).

[0187] The uncrypted original copyright information Ic and primary-usercopyright information Ic1 are added to the encrypted data Cmks2.

[0188] Before using a database, a secondary user, similar to the primaryuser, prepares authentication data Au2 to authenticate the secondaryuser, a third public-key Kb3 and a third private-key Kv3 correspondingto the third public-key Kb3, a fourth public-key Kb4, and a fourthprivate-key Kv4 corresponding to the fourth public-key Kb4.

[0189] A secondary user who desires secondary utilization of the copiedor transmitted encrypted data Cmks2 must designate original data name ornumber to the secondary copyright management center 14 to requestsecondary utilization to the center 14 from secondary user terminal 5via communication network 8. In this case, the secondary user alsotransfers the third public-key Kb3 and the fourth public-key Kb4 as wellas the secondary user authentication data Au2, original copyrightinformation Ic and primary user copyright information Ic1.

[0190] The secondary copyright management center 14 receives thesecondary utilization request from the secondary user, confirms thesecondary-user authentication data Au2, and transfers confirmedsecondary-user authentication data Au2 to the tertiary copyrightmanagement center 15 as secondary user information.

[0191] When the secondary copyright information Ic1 of the primary useris transferred, the secondary copyright information Ic1 is confirmed bythe secondary copyright center 14. The secondary copyright informationIc1 is then transferred to the tertiary copyright management center 15.

[0192] The secondary copyright management center 14 prepares a thirdsecret-key Ks3. The third secret-key Ks3 can also be prepared by keycontrol center 9 shown in embodiment 1.

[0193] The prepared third secret-key Ks3 is transferred to and stored inthe tertiary copyright management center 15.

[0194] As the result, of the transfers primary user copyrightinformation Ic1 primary user information Iu1, original copyrightinformation Ic, secondary user information Iu2, and third secret-key Ks3are stored in the tertiary copyright management center 15. The primaryuser copyright information Ic1, and primary user information Iu1 areused for copyright royalties distribution.

[0195] Similarly, copyright information for secondary exploitation rightIc1 of (n−1) order user, primary user information Iu1, originalcopyright information Ic, n-order user information Iun, and n-thsecret-key Ksn are stored in n-order copyright management center 16.

[0196] The primary user information Iu1, original copyright informationIc and second secret-key Ks2 are read out of the secondary copyrightmanagement center 14. The original copyright information Ic is used forcopyright royalties distribution.

[0197] The second secret-key Ks2 and third secret-key Ks3 are thenencrypted by the third public-key Kb3 and fourth public-key Kb4 of thesecondary user respectively:

[0198] Cks2kb3=E(Kb3, Ks2)

[0199] Cks3kb4=E(Kb4, Ks3).

[0200] The copyright control program P is encrypted by the thirdsecret-key Ks3 and the third secret-key Ks3 is encrypted by the fourthpublic-key Kb4:

[0201] Cpks3=E(Ks3, P)

[0202] Cks3kb4=E(Kb4, Ks3).

[0203] The encrypted copyright control program Cpks3, encrypted secondsecret-key Cks2kb3, and encrypted third secret-key Cks3kb4 aretransferred to secondary user terminal 5 via communication network 8. Inthis case, charging is performed, if necessary.

[0204] The secondary user receives two encrypted secret-keys Cks2kb3 andCks3kb4 and the encrypted copyright control program Cpks3 from thesecondary copyright management center 14, decrypts the encrypted secondsecret-key Cks2kb3 by the third private-key Kv3, and decrypts theencrypted third secret-key Cks3kb4 by the fourth private-key Kv4corresponding to the fourth public-key Kb4, using the databaseutilization software:

[0205] Ks2=D(Kv3, Cks2kb3)

[0206] Ks3=D(Kv4, Cks3kb4).

[0207] The encrypted copyright control program Cpks3 is decrypted by thedecrypted third secret-key Ks3:

[0208] P=D(Ks3, Cpks3).

[0209] Then, the encrypted data Cmks2 is decrypted for the decryptedcopyright control program P and the decrypted second secret-key Ks2:

[0210] M=D(Ks2, Cmks2).

[0211] As described above, the third private-key Kv3 and the fourthprivate-key Kv4 are prepared by a secondary user, but they are not knownto others. Therefore, even if a third party obtains the encrypted dataCmks2, it is impossible to use the data by decrypting it.

[0212] In the above described embodiment, database 1, secondarycopyright management center 14, tertiary copyright management center 15,and n-order copyright management center 16 are separately arranged inorder to avoid the congestion of utilization requests. However, if thecongestion of utilization requests is not a critical issue, it ispossible to combine all or some of these functions into one.

EMBODIMENT 5

[0213]FIG. 3 shows the system structure of embodiment 5. In embodiment5, original data is encrypted and supplied in a one-way communicationfrom a single database and a user selects necessary data out of thesupplied original data to use it. This embodiment uses a secret-keycryptosystem as its crypt key system.

[0214] In FIG. 3, reference numeral 1 represents a database in whichtext data, binary data serving as computer graphics display or computerprogram, digital audio data, and digital picture data are stored bybeing encrypted, 2 represents a space satellite such as a communicationsatellite or a broadcasting satellite, 3 represents a data recordingmedium such as a CD-ROM or a flexible disk, 8 represents a communicationnetwork such as a public telephone line offered y a communicationenterprise or a CATV line offered by a cable television enterprise, and4 represents a primary user terminal. Reference numeral 17 represents acopyright management center for managing the copyright on data, and 5,6, and 7 represent a secondary user terminal, tertiary user terminal,and n-order user terminal, respectively.

[0215] In the above arrangement, database 1, copyright management center17, primary user terminal 4, secondary user terminal 5, tertiary userterminal 6 and n-order user terminal 7 can be connected with each otherby communication network 8.

[0216] Each user who uses this system is previously entered in thedatabase system, and when entered in the system, database utilizationsoftware is given to the user. This software includes a normalcommunication software program such as a data communication protocol.

[0217] Though the software for using the database system can be storedin a hard disk in a user terminal, it may be stored in a mask ROM,EPROM, or EEPROM in the user terminal.

[0218] In this system, a secret-key generation algorithm is stored in auser terminal in order to generate a secret-key from the user side.However, because the secret-key generation algorithm is not alwayssecret, it is also possible to store the algorithm in the databaseutilization software supplied to a user when the user is entered fordatabase utilization in the database system.

[0219] When original data is supplied free of charge because it isprovided with advertisement, it may not be necessary to be encrypted.Even in this case, however, a procedure for using a copyright isnecessary because the data is provided with a copyright.

[0220] In FIG. 3, the broken line represents a path of encrypted data,the solid line represents a path requested from each user terminal, andthe one-dot chain line represents a path through which a crypt keycorresponding to a utilization request is transferred.

[0221] The original data M0 stored in database 1 or the data recordingmedium 3 is supplied to primary user terminal 4 through a cabletransmission via communication network 8, by broadcast waves via thesatellite 2 or the like, or by recording medium 3. The data M0 isencrypted by the first secret-key Ks1:

[0222] Cm0ks1=E(Ks1, M0).

[0223] Similar to embodiments 1 to 4, in order to protect the copyrightof the original data Cm0ks1, which is encrypted to be supplied, whenstore, copy, or transfer operations, which is utilization otherthan.display or display for editing, are applied to the original data M0in primary user terminal 4, the second secret-key Ks2 is used to encryptthe data:

[0224] Cm0ks2=E(Ks2,M0)

[0225] as disclosed in Japanese Patent Application No. 64889/1994 whichis the prior application by the inventors of the present invention. Inthe subsequent utilization, the original data is encrypted/decrypted bythe second secret-key Ks2.

[0226] A primary user obtaining the encrypted original data Cm0ks1designates an original data name or original data number from primaryuser terminal 4 to request the primary utilization of the encryptedoriginal data Cm0ks1 of the copyright management center 17.

[0227] The copyright management center 17 receives the primaryutilization request of the encrypted original data Cm0ks1 from primaryuser terminal 4 and transfers the copyright control program P to primaryuser terminal 4 together with the first secret-key Ks1.

[0228] The copyright control program P indudes a crypt program having acryptographic algorithm, which generates a secret-key and decrypts orencrypts data.

[0229] Primary user terminal 4 receives the first secret-key Ks1 and thecopyright control program P, decrypts the encrypted original data Cm0ks1by the first secret-key Ks1 using the crypt program

[0230] M0=D(Ks1, Cm0ks1)

[0231] and uses the decrypted original data M0 directly or data M1 asedited.

[0232] The copyright control program P generates a second secret-key Ks2in accordance with the first secret-key Ks1:

[0233] Ks2=P(Ks1).

[0234] When the data M as the original data M0 or the edited data M1 isstored in primary user terminal 4, copied to the recording medium 11, ortransmitted to secondary user terminal 5, the data is encrypted by thesecond secret-key Ks2 using the copyright control program P:

[0235] Cmks2 E(Ks2, M).

[0236] The data Cmnks2 encrypted by the second secret-key Ks2 is copiedto the recording medium 11 or transmitted to secondary user terminal 5via communication network 8 together with the original data name ororiginal data number.

[0237] The secondary user obtaining the encrypted data Cmks2 makes arequest for the secondary utilization of the encrypted data Cmks2 to thecopyright management center 17 from the secondary terminal 5 bydesignating the original data name or original data number.

[0238] The copyright management center 17 receives the secondaryutilization request of the encrypted data Cmks2, finds out the firstsecret-key Ks1 in accordance with the original data name or originaldata number, generates the second secret-key Ks2 by the first secret-keyKs1 using the copyright control program P

[0239] Ks2=P(Ks1),

[0240] and supplies the generated second secret-key Ks2 to the secondaryuser terminal 15 together with the copyright control program P.

[0241] Secondary user terminal 5 receives the second secret-key Ks2 andthe copyright control program P, decrypts the data Cmks2 encrypted bythe second secret-key Ks2 using, the second secret-key Ks2

[0242] M=D(Ks2, Cmks2)

[0243] and uses the data by displaying or editing it.

[0244] When the decrypted data M is stored in secondary user terminal 5,stored in the recording medium 12, or transmitted to tertiary userterminal 6 via communication network 8, the data M is encrypted by thesecond secret-key.

[0245] Further, it is possible to make the copyright control program Pgenerate the third secret-key Ks3 in accordance with the secondsecret-key Ks2:

[0246] Ks3=P(Ks2),

[0247] so that the data M is encrypted by the third secret-key Ks3 usingthe copyright control program P when the data M is stored in secondaryuser terminal 5, copied to the recording medium 12, or transmitted totertiary user terminal 6 via communication network 8:

[0248] Cmks3=E(Ks3, M).

EMBODIMENT 6

[0249] In embodiment 6, original data is encrypted and supplied in aone-way communication from a single database to a user and the userselects necessary data out of the original data to use it, similar toembodiment 5.

[0250] This embodiment uses a secret-key cryptosystem as its crypt keysystem and a second secret-key is generated in accordance with primaryuser information and a first secret-key.

[0251] Because the system structure of embodiment 6 is the same as thatof embodiment 5 shown in FIG. 3, its description is omitted.

[0252] In the embodiment 6, the original data M0 stored in database 1 isencrypted via communication network 8, by broadcast waves via thesatellite 2, or by the recording medium 3 using the first secret-keyKs1:

[0253] Cm0ks1=E(Ks1, M0)

[0254] and supplied to primary user terminal 4.

[0255] A primary user obtaining the encrypted original data Cm0ks1 makesa request for primary utilization of the encrypted original data Cm0ks1from primary user terminal 4. The primary user must designate anoriginal data name or original data number and present the primary userinformation Iu1.

[0256] The copyright-management center 17 receives the primaryutilization request of the encrypted original data Cm0ks1 from theprimary user and supplies the first secret-key Ks1 and the copyrightcontrol program P to primary user terminal 4.

[0257] The copyright control program P indudes a crypt program having acryptographic algorithm, which generates a secret-key and thus performsdecryption and encryption.

[0258] Primary user terminal 4 receives the first secret-key Ks1 and thecopyright control program P, decrypts the encrypted original data Cm0ks1by the first secret-key Ks1 using the crypt program P

[0259] M0=D(Ks1, Cm0ks1)

[0260] and uses the decrypted original data M0 or data M1 as edited.

[0261] The supplied copyright control program P generates the secondsecret-key Ks2 in accordance with the primary user information Iu1 orthe primary user information Iu1 and the first secret-key Ks1:

[0262] Ks2=P(Iu1) or

[0263] Ks2 P(Iu1 +Ks1).

[0264] Because the generated-second secret-key Ks2 is based on theprimary user information Iu1, it is impossible to generate the secondsecret-key Ks2 without the correct primary user information Iu1.

[0265] Further, it is possible to use primary user data generated inaccordance with the primary user information Iu1 or the terminal numberof primary user terminal 4 instead of the primary user information Iu1.

[0266] When the data M serving as the original data M0 or edited data M1is stored in primary user terminal 4, copied to the recording medium 11,or supplied to secondary user terminal 5 via communication network 8,the data M is encrypted by the second secret-key Ks2 using the copyrightcontrol program P:

[0267] Cmks2=E(Ks2, M).

[0268] The data Cmks2 encrypted by the second secret-key Ks2 is copiedto the recording medium 11 or supplied to secondary user terminal 5 viacommunication network 8 together with its original data name or originaldata number and the primary user information Iu1.

[0269] A secondary user obtaining the encrypted data Cmks2 makes arequest for secondary utilization of the data M to the copyrightmanagement center 17 from secondary user terminal 5. The user mustdesignate the original data name or original data number and present theprimary user information Iu1.

[0270] The copyright management center 17 receives the secondaryutilization request of the data M, finds out the first secret-key Ks1 inaccordance with the original data name or original data number,generates the second secret-key Ks2 in accordance with either of theprimary user information Iu1 and first secret-key Ks1, or both, andsupplies the generated second secret-key Ks2 to secondary user terminal5 together with the copyright control program P.

[0271] The secondary user receives the second secret-key Ks2 and thecopyright control program P and decrypts the encrypted data Cmks2 by thesecond secret-key Ks2 using the copyright control program P and insecondary user terminal 5 to use it:

[0272] M=D(Ks2, Cmks2).

[0273] When the data M is stored in secondary user terminal 5, copied tothe recording medium 12, or supplied to tertiary user terminal 6 viacommunication network 8, the data is encrypted by the second secret-keyKs2.

[0274] Further, it is possible to make the copyright control program Pgenerate the third secret-key Ks3 in accordance with the secondsecret-key Ks2 using the copyright management program P:

[0275] Ks3=P(Ks2)

[0276] so that the data M is encrypted by the third secret-key Ks3 whenthe data is stored in secondary user terminal 5, copied to the recordingmedium 12, or supplied to tertiary user terminal 6 via communicationnetwork 8.

[0277] It is further possible to make the secondary user present thesecondary information Iu2 when requesting secondary utilization to thecopyright management center 17 so that the third secret-key Ks3 isgenerated in accordance with the presented secondary user informationIu2 In this embodiment 6, if the copyright control program P forgenerating the second secret-key Ks2 can be used in entire databasesystem in common, the same second secret-key Ks2 is generated for thesame original data in any database system as long as the primary userinformation Iu1 or the first secret-key Ks1 is not changed.

EMBODIMENT 7

[0278] In embodiment 7, original data is encrypted and supplied in aone-way communication to a user from a single database and the userselects necessary data out of the original data to use it, similar tothe embodiments 5 and 6. This embodiment uses a secret-key cryptosystem.

[0279] In this embodiment, a second secret-key is generated inaccordance with the use frequency of a copyright control program andwith a first secret-key.

[0280] Because the system structure of embodiment 7 is the same as thatof embodiments 5 and 6 shown in FIG. 3, its description is omitted.

[0281] The original data M0 stored in database 1 is encrypted by thefirst secret-key Ks1 via communication network 8, by broadcast waves viathe satellite 2, or by the recording medium 3:

[0282] Cm0ks1=E(Ks1,M0),

[0283] and supplied to primary user terminal 4.

[0284] A primary user obtaining the encrypted original data Cm0ks1 makesa request for primary utilization of the original data M0 to thecopyright management center 17 from primary user terminal 4 bydesignating an original data name or original data number.

[0285] The copyright management center 17 receives the primaryutilization request of the original data M0 and transfers the firstsecret-key Ks1 and the copyright control program P to primary userterminal 4.

[0286] The copyright control program P includes a crypt program having acryptographic algorithm, in which a crypt key is generated and data isdecrypted or encrypted. Further, a counter is attached to the copyrightcontrol program P to count the use frequency of the program P.

[0287] The primary user receives the first secret-key Ks1 and thecopyright control program P and decrypts the encrypted original dataCm0ks1 by the first secret-key Ks1 using the copyright control programP:

[0288] M0=D(Ks1,Cm0ks1)

[0289] to use the decrypted original data M0 or data M1 as edited.

[0290] When the data M serving as the original data M0 or edited data M1is stored in primary user terminal 4, copied to the recording medium 11,or transmitted to secondary user terminal 5 via communication network 8in order to manage the copyright of data, the data is encrypted by thesecond secret-key Ks2 using the copyright control program P. The secondsecret-key Ks2 used for this operation is generated in accordance withthe use frequency N of the copyright control program and with the firstsecret-key Ks1:

[0291] Ks2=P(N +Ks1).

[0292] Because the second secret-key Ks2 thus generated is based on theuse frequency N of the copyright control program P and the firstsecret-key Ks1, the data M is encrypted by the latest second secret-keyKs2 whenever it is used:

[0293] Cmks2=E(Ks2, M).

[0294] The data Cmks2 encrypted by the second secret-key Ks2 generatedthrough the final utilization is copied to the recording medium 11 ortransmitted to secondary user terminal 5 via communication network 8together with its original data name or original data number and counterdata N1.

[0295] The secondary user obtains the encrypted data Cmks2 anddesignates the original data name or original data number and thecounter data N1 from secondary user terminal 5 to request the secondaryutilization of the encrypted data Cmks2 to the copyright managementcenter 17.

[0296] The copyright management center 17 receives the secondaryutilization request of the encrypted data Cmks2, finds out the firstsecret-key Ks1 in accordance with the designated original data name ororiginal data number, generates the second secret-key Ks2 in accordancewith the counter data N1 and the first secret-key Ks1, and supplies thesecond secret-key Ks2 to secondary user terminal 5 together with thecopyright control program P via communication network 8.

[0297] The secondary user receives the second secret-key Ks2, and thecopyright control program P decrypts the encrypted data Cmks2 by thesecond secret-key Ks2 using the copyright control program P:

[0298] M=D(Ks2, Cmks2)

[0299] and uses the decrypted data M directly or by editing the data M.

[0300] When the data M is stored in secondary user terminal 5, copied tothe recording medium 12, or transmitted to tertiary user terminal 6 viacommunication network 8, the data M is encrypted by the secondsecret-key Ks2 using the copyright control program P:

[0301] Cmks2=E(ks2, M).

[0302] In this case, it is also possible to make the copyright controlprogram P generate the third secret-key Ks3 in accordance with a usefrequency N2 of the copyright control program P in secondary userterminal 5 and with the secret-key Ks2:

[0303] Ks3=P(N2+Ks2).

[0304] When the data M is stored in secondary user terminal 5, copied tothe recording medium 12, or transmitted to the tertiary user 6 viacommunication network 8, the data M is encrypted by the third secret-keyKs3 using the copyright control program P:

[0305] Cmks3=E(Ks3, M).

EMBODIMENT 8

[0306]FIG. 4 shows the embodiment 8 of the present data copyrightmanagement system. In this embodiment, original data is supplied one-wayto a user from a single database in accordance with a request of theuser. This embodiment uses a secret-key cryptosystem as its cryptosystemin which a second secret-key is generated in accordance with a firstsecret-key.

[0307] In FIG. 4, reference numeral 1 represents a database, 4represents a primary user terminal, 5 represents a secondary userterminal, 6 represents a tertiary user terminal, and 7 represents ann-order user terminal. And 18 represents a copyright management centerand 8 represents a communication network such as a public telephone lineprovided by a telephone company or a CATV line offered by a cabletelevision enterprise.

[0308] In the above arrangement, database 1, copyright management center18, primary user terminal 4, secondary user terminal 5, tertiary userterminal 6, and n-order user terminal 7 can be connected with each otherby communication network 8.

[0309] Each user who uses this system must previously be entered in adatabase system, and when entered in the system, database systemsoftware is given to the user. This software includes a normalcommunication software such as a data communication protocol.

[0310] The database utilization software can be stored on a hard disk ofa user terminal, or may be stored in a mask ROM, EPROM, or EEPROM in theuser terminal.

[0311] In this system, a secret-key generation algorithm is stored in auser terminal in order to generate a secret-key from the user side.However, because the secret-key generation algorithm is not alwayssecret, it is possible to store the algorithm in the databaseutilization software given to the user when the user is entered in adatabase system.

[0312] In case of original data provided with advertisement supplied tothe user free of charge, it may not be necessary to encrypt the data.Even in this case, however, because the data has a copyright, a properprocedure must be followed to ensure copyright protection.

[0313] In FIG. 4, the broken line represents a path for encrypted data,the solid line represents a path requested from each user terminal, andthe one-dot chain line represents a path through which a key forallowing data utilization and a copyright control program together witha secret-key from the copyright management center to secondary andsubsequent-order user.

[0314] In FIG. 4, database l stores text data, graphics data or binarydata, audio data, and picture data which are not encrypted. A primaryuser makes a request for utilization of the original data M0 fromprimary user terminal 4 by designating an original data name or numberto database 1 via communication network 8.

[0315] Database 1 receives the utilization request of the original dataM0 from primary user terminal 4, encrypts the original data M0 by thefirst secret-key Ks1:

[0316] Cm0ks1 E(Ks1, M0)

[0317] and supplies the copyright control program P to primary userterminal 4 together with the encrypted original data Cm0ks1 and thefirst secret-key Ks1.

[0318] The copyright control program P includes a crypt program having acryptographic algorithm which generates a secret-key and decrypts orencrypts data. Further, by making the cryptographic algorithm dependenton the first secret-key Ks1, it is possible to make the copyrightcontrol program P inherent in the original data M0.

[0319] Primary user terminal 4 receives the first secret-key Ks1 and thecopyright control program P together with the original data Cm0ks1encrypted by the first secret-key Ks1, decrypts the encrypted originaldata Cm0ks1 by the first secret-key Ks1:

[0320] M0=D(Ks1, Cm0ks1)

[0321] and uses the decrypted original data M0 directly or data M1 asedited.

[0322] The copyright control program P generates the second secret-keyKs2 in accordance with the first secret-key Ks1:

[0323] Ks2=P(Ks1).

[0324] When the data M as decrypted original data or edited data isstored in primary user terminal 4, copied to the recording medium 11, ortransmitted to secondary user terminal 5 via communication network 8,the data M is encrypted by the second secret-key Ks2 using thecopyright-control program P:

[0325] Cmks2=E(Ks2, M).

[0326] The encrypted data Cmks2 is copied to the recording medium 11 ortransmitted to secondary user terminal 5 via communication network 8,together with its original data name or original data number.

[0327] A secondary user obtains the encrypted data Cmks2 and makes arequest for secondary utilization of the data M as original data oredited data to the copyright management center 18 from secondary userterminal 5 by designating the original data name or number.

[0328] The secondary copyright management center 18 receives thesecondary utilization request of the data M, finds out the firstsecret-key Ks1 in accordance with the original data name or originaldata number to generate the second secret-key Ks2 in accordance with thefirst secret-key Ks1:

[0329] Ks2=P(Ks1)

[0330] and supplies the generated second secret-key Ks2 to secondaryuser terminal 5 together with the copyright control program P.

[0331] Secondary user terminal 5 receives the second secret-key Ks2 andthe copyright control program P, decrypts the encrypted data Cmks2 bythe second secret-key Ks2 using the copyright control program P:

[0332] M=D(Ks2, Cmks2)

[0333] and uses the decrypted data M directly or by editing it.

[0334] A third secret-key Ks3 is generated by the copyright controlprogram P in accordance with the second secret-key Ks2:

[0335] Ks3=P(Ks2)

[0336] so that the data M is encrypted by the generated third secret-keyKs3 using the copyright control program P when the data M is stored insecondary user terminal 5, copied to the recording medium 12, ortransmitted to tertiary user terminal 6 via communication network 8:

[0337] Cmks3=E(Ks3, M).

EMBODIMENT 9

[0338] In embodiment 9, original data is supplied to a user from asingle database in accordance with a request of the user, similarly toembodiment 8 in FIG. 4. This embodiment uses a secret-key cryptosystemand user data in addition to the first secret-key used for embodiment 8to generate a second secret-key.

[0339] Because the system structure of this embodiment is the same asthat of embodiment 8, its description is omitted.

[0340] Database 1 stores the original data M0 which is not encrypted.When a primary user accesses database 1 from primary user terminal 4, adata menu is transferred to the user. In this case, it is possible todisplay charge information together with the data menu.

[0341] When the primary user receives the data menu, the user retrievesthe data menu to select the original data M0 and requests primaryutilization of the original data M0 to database 1 by designating theoriginal data name or the like of the selected original data M0.

[0342] In database 1 receiving the utilization request of the originaldata MO from primary user terminal 4, the original data M0 is read andthe original data M0 is encrypted by the first secret-key Ks1:

[0343] Cm0ks1=E(Ks1, M0)

[0344] and the copyright control program P is supplied to primary userterminal 4 together with the encrypted original data Cm0ks1 and thefirst secret-key Ks1.

[0345] The copyright control program P used here is common to entiredatabase system, which includes a crypt program having a cryptographicalgorithm. A crypt key is generated and data is decrypted or encryptedby this crypt program.

[0346] Primary user terminal 4 receives the first secret-key Ks1 and thecopyright control program P, decrypts the encrypted original data Cm0ks1by the first secret-key Ks1 using the copyright control program P:

[0347] M0=D(Ks1, Cm0ks1)

[0348] and uses the decrypted original data M0 or data M1 as edited.

[0349] The copyright control program P generates the second secret-keyKs2 in accordance with a primary user information Iu1:

[0350] Ks2=P(Iu1).

[0351] The second secret-key Ks2 may be generated in accordance with thefirst secret-key Ks1 or the primary user data Iu1 and the firstsecret-key Ks1 instead of the primary user information Iu1:

[0352] Ks2 P(Ks1)

[0353] Ks2=P(Ks1+Iu1).

[0354] When the data M serving as the original data M0 or edited data M1is stored in Primary user terminal 4, copied to the recording medium 11,or transmitted to secondary user terminal 5 via communication network 8,the data M is encrypted by the second secret-key Ks2 using the copyrightcontrol program P:

[0355] Cmks2=E(Ks2, M).

[0356] The data Cmks2 encrypted by the second secret-key Ks2 is providedwith the original data name or original data number and then, copied tothe recording medium 11 or transmitted to secondary user terminal 5 viacommunication network 8.

[0357] A secondary user obtains the data Cmks2 encrypted by the secondsecret-key Ks2 and makes a request for secondary utilization of the dataM to the copyright management center 18 from secondary user terminal 5.The user designates the original data name, or original data number andpresents the uncrypted primary user information Iu1.

[0358] The copyright management center 18 receives the secondaryutilization request of the data M, finds out the first secret-key Ks1 inaccordance with the designated original data name or original datanumber, generates the second secret-key Ks2 in accordance with thepresented primary user information Iu1 and the found-out firstsecret-key Ks1 by the copyright control program P, and supplies the keyKs2 to secondary user terminal 5 together with the copyright controlprogram. P.

[0359] The secondary user obtains the second secret-key Ks2 and thecopyright control program P, decrypts the encrypted data Cmks2 by thesecond secret-key Ks2 using the copyright control program P in secondaryuser terminal 5:

[0360] M=D(Ks2, Cmks2)

[0361] and uses the decrypted data M directly or by editing the data.

[0362] When the data M is stored in secondary user terminal 5, copied tothe recording medium 12, or transmitted to tertiary user terminal 6 viacommunication network 8, the data M is encrypted by the secondsecret-key Ks2 using the copyright control program P:

[0363] Cmks2=E(Ks2, M).

[0364] In this case, it is also possible to make the copyright controlprogram P generate the third secret-key Ks3 in accordance with theprimary user information Iu1, second secret-key Ks2, or primary userinformation Iu1 and the second secret-key Ks2,

[0365] Ks3=P(Iu1)

[0366] Ks3=P(Iu1+Ks1)

[0367] Ks3=P(Ks1).

[0368] It is also possible to make the secondary user present thesecondary user information Iu2 when requesting secondary utilization sothat the third secret-key is generated in accordance with the secondaryuser information Iu2 instead of the primary user information Iu1.

[0369] The data M is encrypted by the third secret-key Ks3 using thecopyright control program P:

[0370] Cmks=E(Ks3, M).

[0371] In this embodiment, the copyright control program P forgenerating the second secret-key Ks2 is common to any database.Therefore, in any database, the same second secret-key Ks2 is generatedfor the same original data as long as the primary user data Iu1 and thefirst secret-key Ks1 are not changed.

EMBODIMENT 10

[0372] In embodiment 10, original data is supplied to a user from asingle database in accordance with a request of the user similarly tothe case of embodiment 8. This embodiment uses a secret-keycryptosystem.

[0373] This embodiment uses the use frequency of a copyright controlprogram instead of user information adopted for generating a secondsecret-key in embodiment 9.

[0374] Because the system structure of this embodiment is the same asthat of embodiment 8, its description is omitted.

[0375] Database 1 stores original data M0 which is not encrypted. When aprimary user accesses database 1 from primary user terminal 4, a datamenu is transferred to the user. In this case, charge information may bedisplayed together with the data menu.

[0376] When the primary user receives the data menu, the user retrievesthe data menu to select the original data M0 and makes a request for theprimary utilization of the original data M0 to database 1 by designatingan original data name or the like via communication network 8 fromprimary user terminal 4.

[0377] Database 1 receives the data utilization request from a primaryuser, encrypts the original data M0 by a first secret-key Ks1

[0378] Cm0ks1=E(Ks1, M0)

[0379] and supplies the copyright control program P to primary userterminal 4 together-with the encrypted data Cm0ks1 and the firstsecret-key-Ks1.

[0380] The copyright control program P includes a crypt program having acryptographic algorithm, which generates a crypt key and decrypts orencrypts data. Further, a counter is attached to the copyright controlprogram P to count the use frequency N of the program P or the number ofuse times of original data.

[0381] Further, by making the cryptographic algorithm dependent on thefirst secret-key Ks1, it is possible to make the copyright controlprogram P inherent in the original data.

[0382] The primary user receives the first secret-key Ks1 and thecopyright control program P, decrypts the encrypted original data Cm0ks1by the first secret-key Ks1 using the copyright control program P

[0383] M0=D(Ks1, Cm0ks1)

[0384] and uses the decrypted original data M0 directly or data M1 asedited.

[0385] To protect the copyright of data, when the data M as the originaldata M0 or edited data M1 is stored in primary user terminal 4, copiedto the recording medium 11, or transmitted to secondary user terminal 5via communication network 8, the data M is encrypted by the copyrightcontrol program P. In other words, a copyright control programalways-runs whenever these types of utilization are made.

[0386] When the supplied copyright control program P is used, thecounter in the program performs counting and the copyright controlprogram P generates the second secret-key Ks2 in accordance with thecounted value N and the first secret-key Ks1:

[0387] Ks2=P(N+Ks2).

[0388] Because the second secret-key Ks2 is based on the use frequency Nof the copyright control program P, the data M is encrypted by the newsecond secret-key Ks2 whenever the data is used:

[0389] Cmks2=E(Ks2, M).

[0390] The data Cmks2 encrypted by the generated second secret-key Ks2is copied to the recording medium 11 or transmitted to secondary userterminal 5 via-communication network 8 together with the original dataname or original data number, the primary user information Iu1 and thecounter data N.

[0391] A secondary user obtains the data Cmks2 encrypted by the secondsecret-key Ks2 and designates the original data name or original datanumber, primary user information Iu1, and counter data N to requestsecondary utilization of the data M to the copyright management center18;

[0392] The copyright management center 18 receives the secondaryutilization request of the encrypted data Cmks2, finds out the firstsecret-key Ks1 in accordance with the original data name or originaldata number of the data, generates a second secret-key Ks2 according tothe first secret-key Ks1, and the presented primary user information Iu1and the counter data N, and transfers the generated second secret-keyKs2 to secondary user terminal 5 together with the copyright controlprogram P.

[0393] Secondary user terminal 5 receives the second secret-key Ks2 andthe copyright control program P, decrypts the encrypted data Cmks2 bythe second secret-key Ks2 using the copyright control program P:

[0394] M=D(Ks2, Cmks2)

[0395] and uses the decrypted data M directly or by editing the data.

[0396] When the data is stored in secondary user terminal 5, copied tothe recording medium 12, or transmitted to tertiary user terminal 6 viacommunication network 8, the data is encrypted by the second secret-keyusing the copyright control program P. Further, it is possible that thecopyright control program generates a third secret-key in accordancewith the second secret-key.

[0397] Above-mentioned embodiments 1 to 10 are described with respect tousing a single original data supplied from a database. However, one ofthe data utilization, edit operation, includes not only editing a singledata but also producing new data by combining a plurality of originaldata obtained from the same database and producing new data by combininga plurality of original data obtained from a plurality of databases.

EMBODIMENT 11

[0398] In embodiment 11, a primary user produces new data by combining aplurality of original data stored in a single database. That is, theprimary user produces new data by using first, second, and thirdoriginal data stored in the database. In this embodiment, a plurality oforiginal data are supplied to a user from a single database in responseto a request of the user similarly to the case of embodiment 8 shown inFIG. 4. This embodiment uses a secret-key cryptosystem.

[0399] Because the system structure of this embodiment is the same asthat of embodiment 8, its description is omitted.

[0400] Database 1 stores original data M01, M02 and M03 which are notencrypted. When the primary user accesses database 1 from primary userterminal 4, a data menu is transferred to the user. In this case, chargeinformation may be displayed together with the data menu.

[0401] When the primary user receives the data menu, the user retrievesthe data menu to select the original data M01, M02 and M03, makes arequest for supply of the data M01, M02 and M03 to database 1 viacommunication network 8 by designating original data names or originaldata numbers of the first, second and third original data M01, M02 andM03, and also presents the primary user information Iu1.

[0402] Database 1 receives the supply request of the first, second andthird original data M01, M02 and M03 from the primary user, encrypts thefirst, second and third original data M0, M02 and M03 by first, secondand third secret-keys Ks01, Ks02 and Ks03 respectively:

[0403] Cm01ks01=E(Ks01, M01)

[0404] Cm02ks02=E(Ks02, M02)

[0405] Cm03ks03=E(Ks03, M03)

[0406] and supplies the first, second and third secret-keys Ks01, Ks02and Ks03 and the copyright control program P common to entire databaseand all original data to primary user terminal 4.

[0407] The copyright control program P includes a crypt program having acryptographic algorithm, which generates a crypt key and decrypts orencrypts data.

[0408] Primary user terminal 4 receives the first encrypted originaldata Cm01ks01, second encrypted original data Cm02ks02, third encryptedoriginal data Cm03ks03, first secret-key Ks01, second secret-key Ks02,third secret-key Ks03, and copyright control program P, decrypts thefirst, second and third encrypted original data Cm01ks01, Cm02ks02 andCm03ks03 by the secret-keys Ks01, Ks02, and Ks03 using the copyrightcontrol program P:

[0409] M01=D(Ks01, Cm01ks01)

[0410] M02=D(Ks02, Cm02ks02)

[0411] M03=D(Ks03, Cm03ks03)

[0412] and produces new data M1 edited from the original data M01, M02and M03.

[0413] The copyright control program P produces a fourth secret-key Ks4in accordance with one or some of the first secret-key Ks01, secondsecret-key Ks2, third secret-key Ks3, and primary user data Iu1:

[0414] Ks4=P(Ks01/Ks02/Ks03/Iu1).

[0415] When the edited data M1 is stored in primary user terminal 4,copied to the recording medium 11, or transmitted to secondary userterminal 5 via communication network 8, the data is encrypted by thefourth secret-key Ks4 using the copyright control program P:

[0416] Cm1ks4=E(Ks4, M1).

[0417] The encrypted edited data Cm1ks4 is copied to the recordingmedium 11 or transmitted to secondary user terminal 5 via communicationnetwork 8, together with original data names or original data numbersand the primary user data Iu1.

[0418] A secondary user obtains the encrypted edited data Cm1ks4 andmakes a request for secondary utilization of the data Cm1ks4 to thecopyright management center 18 from secondary user terminal 5. In thiscase, the user designates data names or data numbers of the originaldata M01, M02 and M03 and presents the primary user information Iu1.

[0419] The copyright management center 18 receives the secondaryutilization request of the encrypted edited data Cm1ks4 from thesecondary user, finds out the first secret-key Ks01 in accordance withthe data name or data number of the first original data M01, the secondsecret-key Ks02 in accordance with the data name or number of the secondoriginal data M02, and the third secret-key Ks03 in accordance with thedata name or number of the third original data M03, generates fourthsecret-key Ks4 by one or some of the found-out first secret-key Ks01,second secret-key Ks02, third secret-key Ks03 and primary userinformation Iu1 using common copyright control program P:

[0420] Ks4=P(Ks01/Ks02/Ks03/Iu1);

[0421] and supplies the fourth secret-key Ks4 to secondary user terminal5 together with the common copyright control program P.

[0422] The secondary user receives the fourth secret-key Ks4 and thecommon copyright control program P, decrypts the encrypted edited dataCm1ks4 by the fourth secret-key Ks4 using the copyright control programP

[0423] M1=D(Ks4, Cm1ks4)

[0424] and uses the decrypted edited data M1 directly or data M2 asedited.

[0425] When the edited data M1 or re-edited data M2 is stored insecondary user terminal 5, copied to the recording medium 12 ortransmitted to a tertiary user terminal 6 via communication network 8, afifth secret-key Ks5 is generated in accordance with the fourthsecret-key Ks4 by the copyright control program P, and the data isencrypted by the fifth secret-key Ks5 using the copyright controlprogram P:

[0426] Cm1ks5=E(Ks5, Cm1)

[0427] Cm2ks5=E(Ks5, Cm2).

[0428] Further, it is possible to make the common copyright controlprogram P generate a fifth secret-key Ks5 by the fourth secret-key Ks4for subsequent encryption or decryption by the generated fifthsecret-key Ks5.

[0429] In this embodiment, a copyright control program for generating afourth secret-key is common to any database. Therefore, in any database,the same fourth secret-key is generated for the same original data aslong as primary user data and a first secret-key are not changed.

[0430] While the common copyright control program of this embodiment issupplied from the copyright management center 18, it may be stored in aROM in a user terminal or in software for using a database.

EMBODIMENT 12

[0431] In embodiment 12, new data is produced by combining a pluralityof original data supplied from a plurality of databases in response to auser's request. This embodiment uses a secret-key cryptosystem.

[0432] In FIG. 5, reference numerals 19, 20, and 21 represent first,second and third databases storing text data, binary data as a computergraphics display or computer program, and audio data or picture data, 4represents a primary user terminal, 5 represents a secondary userterminal, 6 represents a tertiary user terminal, 7 represents an n-orderuser terminal, 10 represents a copyright management center for managingdata copyrights, and 8 represents a communication network such as apublic telephone line offered by a telephone company or a CATV lineoffered by a cable television enterprise.

[0433] In the above arrangement, the first, second and third databases19, 20 and 21, copyright management center 10, primary user terminal 4,secondary user terminal 5, tertiary user terminal 6, and n-order userterminal 7 can be connected with each other by communication network 8.

[0434] A user who desires to use this system must previously be enteredin each database system, and when entered in the database system,database utilization software is supplied to the user. The softwareincludes a normal communication software program such as a datacommunication protocol.

[0435] The database utilization software may be stored on a hard disk ofa user terminal, or may be stored in a mask ROM, EPROM, or EEPROM in theuser terminal.

[0436] In this system, a crypt key generation algorithm is stored in auser terminal in order to generate a secret-key from the user side.However, because the crypt key generation algorithm is not necessarilysecret, it is possible to store the algorithm in each databaseutilization software.

[0437] In case of original data provided with advertisement supplied tothe user free of charge, it may not be necessary to encrypt the data.Even in this case, however, because the data has a copyright, a properprocedure must be followed to ensure copyright protection.

[0438] In FIG. 5, the broken line represents a path for encrypted data,the solid line represents a path of requests from each user terminal toeach database and copyright management center, and the one-dot chainline represents a path through which permit information corresponding toutilization requests, a copyright control program, and a crypt key aretransferred from each database and copyright management center to eachuser terminal.

[0439] This embodiment uses a secret-key and a copyright control programwhich are different for each original data and are previously stored ineach database and the copyright management center.

[0440] The first database 19 stores the first original data M1 which isnot encrypted. When a primary user accesses the first database 19 fromthe first user terminal 4, a data menu is transferred to the user.

[0441] When the primary user receives the data menu, the user retrievesthe data menu to select the first original data M1 and makes a requestfor supply of the first original data M1 to the first database 19 viacommunication network 8 from primary user terminal 4 by designating anoriginal data name or original data number. In this case, the userpresents the primary user information Iu1.

[0442] The first database 19 receives the utilization request of thefirst original data M1 from the primary user, encrypts the requestedfirst original data MI by first secret-key Ks1

[0443] Cm1ks=E(Ks1, M1)

[0444] and supplies the encrypted data to primary user terminal 4.

[0445] The second database 20 stores the second original data M2 whichis not encrypted. When the primary user accesses the second database 20from primary user terminal 4, a data menu is transferred to the user.

[0446] When the primary user receives the data menu, the user retrievesthe data menu to select the second original data M2 and makes a requestfor supply of the second original data M2 to the second database 20 viacommunication network 8 from primary user terminal 4 by designating anoriginal data name or original data number. In this time, the userpresents the primary user information Iu1.

[0447] The second database 20 receives the utilization request of thesecond original data M2 from the primary user, encrypts the requestedsecond original data M2 by second secret-key Ks2

[0448] Cm2ks2 E(Ks2, M2)

[0449] and supplies the encrypted data to primary user terminal 4.

[0450] The third database 21 stores the third original data M3 which isnot encrypted. When the primary user accesses the third database 21 fromprimary user terminal 4, a data menu is transferred to the user.

[0451] When the primary user receives the data menu, the user retrievesthe data menu to select the third original data M3 and requests forsupply of the third original data M3 to the third database 21 viacommunication network 8 from primary user terminal 4 by designating anoriginal data name or original data number. In this case, the userpresents the primary user information Iu1.

[0452] The third database 21 receives the utilization request of thethird original data M3 from the primary user, encrypts the requestedthird original data M3 by the third secret-key Ks3

[0453] Cm3ks3=E(ks3, M3)

[0454] and supplies the encrypted data to primary user terminal 4.

[0455] The primary user receives the first, second, and third encryptedoriginal data Cm1ks1, Cm2ks2 and Cm3ks3 makes a request for primaryutilization of the first, second, and third encrypted original dataCm1ks1, Cm2ks2 and Cm3ks3 to copyright management center 10 viacommunication network 8 from primary user terminal 4 by designatingoriginal data names or numbers.

[0456] Copyright management center 10 receives the primary utilizationrequest of the first, second and third encrypted original data Cm1ks1,Cm2ks2 and Cm3ks3 from the primary user and supplies a first copyrightcontrol program P1, a second copyright control program P2, and a thirdcopyright control program P3 to primary user terminal 4 together withthe first secret-key Ks1 as a crypt key of the first original data M1,the second secret-key Ks2 as a crypt key of the second original data M2,and the third secret-key Ks3 as a crypt key of the third original dataM3.

[0457] These copyright control programs P1, P2 and P3 include a cryptprogram having a cryptographic algorithm respectively, which generatesnew secret-keys and decrypts or encrypts data.

[0458] Further, by making these cryptographic algorithms dependent onthe first, second and third secret-keys Ks1, Ks2 and Ks3 respectively,it is possible to make the first, second and third copyright controlprograms P1, P2 and P3 inherent in the first, second and third originaldata M1, M2 and M3 respectively.

[0459] Primary user terminal 4 receives the first, second and thirdsecret-keys Ks1, Ks2 and Ks3, decrypts the first, second and thirdoriginal data Cm1ks1, Cm2ks2 and Cm3ks3 encrypted by these secret-keys:

[0460] M1=D(Ks1; Cm1ks1)

[0461] M2=D(Ks2, Cm2ks2)

[0462] M3=D(Ks3, Cm3ks3)

[0463] and uses the decrypted original data M1, M2, and M3 directly orby editing them.

[0464] And the first copyright control program P1 generates fourthsecret-key Ks4 in accordance with the first secret-key Ks1, the secondcopyright control program P2 generates fifth secret-key Ks5 inaccordance with the second, secret-key Ks2, and the third copyrightcontrol program P3 generates sixth secret-key Ks6 in accordance with thethird secret-key Ks3:

[0465] Ks4=P1(Ks1)

[0466] Ks5=P2(Ks2)

[0467] Ks6=P3(Ks3).

[0468] When the original data M1, M2 and M3 or edited data M4, M5 and M6are stored in primary user terminal 4, copied to the recording medium11, or transmitted to secondary user terminal 5 via communicationnetwork 8; the first original data M1 or edited data M4 is encrypted bythe fourth secret-key Ks4 using the first copyright control program P1,the second original data M2 or edited data M5 is encrypted by the fifthsecret-key Ks5 using the second copyright management program P2, and thethird original data M3 or edited data M6 is encrypted by the sixthsecret-key Ks6 using the third copyright control program P3:

[0469] Cm1ks4=E(Ks4, M1)

[0470] Cm2ks5=E(Ks5, M2)

[0471] Cm3ks6=E(Ks6, M3)

[0472] Cm4ks4=E(Ks4, M4)

[0473] Cm5ks5=E(Ks5, M5)

[0474] Cm6ks6=E(Ks6, M6).

[0475] The original data Cm1ks4, Cm2ks5 and Cm3ks6 or edited dataCm4ks4, Cm5ks5 and Cm6ks6 encrypted by the fourth, fifth and sixthsecret-keys Ks4, Ks5 and Ks6 are copied to the recording medium 11 ortransmitted to secondary user terminal 5 via communication network 8together with the first, second and third original data names ororiginal data numbers and the primary user data Iu1.

[0476] For secondary user terminal 5 receiving the first, second andthird encrypted original data Cm1ks4, Cm2ks5 and Cm3ks6 or the encryptededited data Cm4ks4, Cm5ks5 and Cm6ks6, secondary utilization of thefirst, second and third original data M1, M2 and M3 or edited data M4,M5 and M6 is requested to copyright management center 10 by designatingthe original data names or original data numbers.

[0477] Copyright management center 10 receives the secondary utilizationrequest of the first, second and third original data M1, M2 and M3 orthe edited data M4, M5 and M6 from secondary user terminal 5 and findsout the first secret-key Ks1 and the first copyright control program P1in accordance with the first original data name or number, the secondsecret-key Ks2 and the second copyright control program P2 in accordancewith the second original data name or number and the third secret-keyKs3 and the third copyright control program P3 in accordance with thethird original data name or number, wherein the first copyright controlprogram P1 generates the fourth secret-key Ks4 from the first secret-keyKs1, the second copyright control program P2 generates the fifthsecret-key Ks5 from the second secret-key Ks2 and the third copyrightcontrol program P3 generates the sixth secret-key Ks6 from the thirdsecret-key Ks3:

[0478] Ks4=P(Ks1)

[0479] Ks5=P2(Ks2)

[0480] Ks6 P3(Ks3);

[0481] Copyright management center 10 supplies these secret-keys tosecondary user terminal 5 together with the first, second and thirdcopyright control programs P1, P2 and P3.

[0482] In secondary user terminal 5 receiving the fourth, fifth andsixth secret-keys Ks4, Ks5 and Ks6 and the first, second and thirdcopyright control programs P1, P2 and P3, the encrypted first originaldata Cm1ks4 or edited data Cm4ks4 is decrypted by the fourth secret-keyKs4 using the first copyright control program P1, the encrypted secondoriginal data Cm2ks5 or edited data Cm5ks5 is decrypted by the fifthsecret-key Ks5 using the second copyright control program P2, and theencrypted third original data Cm3ks6 or edited data Cm6ks6 is decryptedby the sixth secret-key Ks6 using the third copyright control programP3:

[0483] M4=D(Ks4, Cmks4)

[0484] M5=D(Ks5, Cm5ks5)

[0485] M6=D(Ks6, Cm6ks6)

[0486] and the decrypted data M4, M5 and M6 are used directly or byediting them.

[0487] When the first, second and third original data M1, M2 and M3 oredited data M4, M5 and M6 are stored in secondary user terminal 5,copied to the recording medium 12, or transmitted to tertiary userterminal 6 via communication network 8, the first original data M1 oredited data M4 is encrypted by the fourth secret-key Ks4 using tilefirst copyright control program P1, the second original data M02 oredited data M5 is encrypted by the fifth secret-key Ks5 using the secondcopyright control program P2, and the third original data M3 or editeddata M6 is encrypted by the sixth secret-key Ks6 using the thirdcopyright control program P3.

[0488] In this case, it is also possible to make the first copyrightcontrol program P1 generate a seventh secret-key Ks7 in accordance withthe fourth secret-key Ks4, the second copyright control program P2generate an eighth secret-key Ks8 in accordance with the fifthsecret-key Ks5 and the third copyright control program P3 generate aninth secret-key Ks9 in accordance with the sixth secret-key Ks6:

[0489] Ks7=P1(Ks4)

[0490] Ks8=P2(Ks5)

[0491] Ks9=P3(Ks6)

[0492] When the first, second and third original data M1, M2 and M3 oredited data M4, M5 and M6 are stored in secondary user terminal 5,copied to the recording medium 12, or transmitted to tertiary userterminal 6 via communication network 8, the first, second and thirdcopyright control programs P1, P2 and P3 encrypt the first, second andthird original data M1, M2 and M3 or the edited data M4, M5 and M6 bythe seventh, eighth and ninth secret-keys Ks7, Ks8 and Ks9:

[0493] Cm1ks7=E(Ks7, M1)

[0494] Cm2ks8=E(Ks9, M2)

[0495] Cm3ks9=E(Ks9, M3)

[0496] Cm4ks7=E(Ks7, M4)

[0497] Cm5ks8=E(Ks8, M5)

[0498] Cm6ks9=E(Ks9, M6)

EMBODIMENT 13

[0499] In embodiment 13, new data is produced by using a plurality oforiginal data supplied from a plurality of databases in response to auser's request, similar to embodiment 12. This embodiment uses asecret-key cryptosystem.

[0500] The use frequency of copyright control programs is used togenerate a crypt key for encryption/decryption, similar to theembodiments 7 and 11.

[0501] In this embodiment, a counter is attached to a copyright controlprogram, which counts the service frequency of the program or the numberof times of using original data. The fourth, fifth and sixth secret-keysKs4, Ks5 and Ks6 are generated by the counter value N.

[0502] A secondary user presents the counter value N together with theoriginal data name or original data number of each original data andprimary user data to request secondary utilization of data to copyrightmanagement center 10.

[0503] Copyright management center 10 receives the secondary utilizationrequest of data, finds out the first, second and third secret-keys Ks1,Ks2 and Ks3 in accordance with the original data names or original datanumbers, generates fourth, fifth and sixth secret-keys Ks4, Ks5 and Ks6by the first, second and third secret-keys Ks1, Ks2 and Ks3 for eachdata, the primary user information Iu1 and the first, second and thirdcounter values N1, N2 and N3 using the first, second and third copyrightcontrol programs P1, P2 and P3, and supplies the generated fourth, fifthand sixth secret-keys Ks4, Ks5 and Ks6 to secondary user together withthe fourth, fifth and sixth copyright control programs P1, P2 and P3.

[0504] Because the system structure of embodiment 13 is the same as thatof embodiment 12 except the above point, its detailed description isomitted.

EMBODIMENT 14

[0505] When a copy of original data obtained by a primary user isdirectly supplied to a secondary user, a copyright of the primary useris not affected on the data because the data is not provided with anyvalue. However, when new data is produced from obtained original data,that is, when new data is produced from single original data or from aplurality of original data, a secondary copyright of the primary user;i.e., secondary exploitation right in editing the data is affected onthe new data.

[0506] Because the copyright of the original copyright owner alsoapplies for the original data used for edit, the original copyright ofthe original data of an author and the secondary copyright of theprimary user who has edited data apply for the edited data.

[0507] As a copyright is a right having essential elements of a personalright, authors strongly insist on owning the copyright in many cases.Therefore, even when original data is edited, it is preferable that theoriginal data or its copyright owner can easily be specified from theedited data.

[0508] In the data copyright management systems described in embodiments1 to 13, the copyrights of data are managed by encrypting original dataor edited data. For these systems, however, the copyright of data ismanaged without identifying original data or edited data, in the wholedata or separating an original data part from an edited part in thewhole edited data. Therefore, it is impossible to specify original dataor owner from edited data.

[0509] Embodiment 14 makes it possible to separate original data forwhich only the original copyright applies from the edited data in whicha secondary exploitation right also applies in addition to the originalcopyright, and manage the original copyright and the secondaryexploitation right.

[0510] Because data is edited by using an editor program, therebyaltering original data, the edited data can be reproduced as theoriginal data and edit contents (further, the editor program whennecessary) are specified. In other words, unless the original data andthe edit contents (further, the editor program when necessary) arespecified, it is impossible to reproduce the edited data.

[0511] In embodiment 14, the secondary exploitation right described ismanaged by specifying original data and edit contents (further, aneditor program when necessary) and managing them.

[0512] To produce new data from single original data, there can bedifferent cases: first, edited data [A′] is obtained by alteringoriginal data A; second, edited data [A+X] is obtained by adding data Xto the original data A by a primary user; third, edited data [A″] isobtained by dividing the original data A into original data elements A1,A2, A3, . . . and changing the arrangement of the elements to such asA3, A2 and A1; and fourth, edited data [A1+X1+A2+X2+A3+X3 . . . ] isobtained by dividing the original data A into original data elements A1,A2, A3 . . . , also dividing the data X of the primary user into X1, X2,X3, . . . and arranging these elements.

[0513] In these cases, alteration of original data, change of originaldata arrangement, combination of the original data with primary userdata, and division of the original data and combination of it with theprimary user data can respectively be provided with a secondaryexploitation right, which needs to be protected. The original copyrightof the primary user, of course, is retained in the data X added by theprimary user.

[0514] To produce new data by combining a plurality of original data,there are different methods: first, edited data [A+B+C . . . ] isobtained by simply combining original data A, B, C, . . . ; second,edited data such as [A+X] is obtained by adding data X to the originaldata A, B, C, . . . ,; third, edited data [A1+B1+C1+ . . . +A2+B2+C2+ .. . +A3+B3+C3+ . . . ] is obtained by dividing the original data A, B,C, . . . into original data elements A1, A2, A3, . . . , B1, B2, B3, . .. and C1, C2, C3, . . . , combining them, and changing theirarrangements; and fourth, edited data [A1+B1+C1+X1+ . . . +A2+B2+C2+X2+. . . +A3+B3+C3+X3+ . . . ] is obtained by dividing the original data A,B, C, . . . into original data elements A1, A2, A3, . . . , B1, B2, B3,. . . , and C1, C2, C3, . . . , combining the elements with primary userdata X1, X2, X3, . . . , and changing their arrangements.

[0515] Also in these cases, combination of a plurality of original data,combination of a plurality of original data with primary user data,division of a plurality of original data and change of the arrangements,and combination to a plurality of divided original data with the primaryuser data can respectively be provided with a secondary exploitationright, which needs to be protected. Also, the original copyright of theprimary user, of course, is retained in the data X1, X2, X3, . . . addedby the primary user.

[0516]FIG. 6 shows an example for producing new data D by using aplurality of original data A, B and C. This method is known as thecut-and-paste technique in which data is edited by extracting (cuttingout) elements “a”, “b” and “c” from original data A, B and C andattaching (pasting) the extracted elements “a”, “b” and “c” to form apiece of data D.

[0517] While it is dear that original data and primary user data aredata, the editing process: alteration of original data, arrangementchange of original data, combination of original data with primary userdata, division of original data and combination with primary user data,combination of a plurality of original data each other, combination of aplurality of original data with primary user data, division andarrangement change of a plurality of original data, and combination of aplurality of divided original data with primary user data, are alsodata.

[0518] In the above described embodiments 1 to 13, the copyright of dataare managed by encrypting original data or edited data. Further,noticing that editing process of data, such as arrangement of originaldata and process of editing, is also data, the secondary exploitationright on edited data can be protected by managing the primary copyrightof the author on the original data and secondary copyright of theprimary user on editing process data.

[0519] Editing process data or editor program may be called as scenario.That is, it is possible to ensure to manage the copyrights of the editeddata as well as of the original data, if the edited data is constitutedwith original data, primary user data and editing process data, andthus, these original data, primary user data and editing process dataare managed by the data copyright management system described inembodiments 1 to 13. In this case, an editor program used for editingdata may be managed by the data copyright management system, ifnecessary.

[0520] While the data edit operation of original data can be performedby using an editor program corresponding to the original data, byhandling the original data as object-oriented software which hasrecently been focused on, it is possible to facilitate further editingof data and manage more preferably copyrights of data.

[0521] Further, by adopting agent-oriented software, a user cansynthesize data with little labor. The agent-oriented software, unlikethe conventional one, is a program having autonomy, flexibility andcooperativeness, which is able to meet a user's request with itscharacteristics of autonomy, flexibility and cooperativeness inaccordance with only a general instruction of the user withoutspecifically giving every operation instructions to the software.

[0522] By incorporating the agent program into a basic system of a datacopyright management system so that the program monitors the databaseutilization of a user and information obtained through the monitoring iscollected at the database or the copyright management center, it ispossible to monitor the database utilization condition of the user atthe database side or the copyright management center side and achievemore accurate copyright management. As described, these agent programand data can also be protected and, therefore, are encrypted likeoriginal data.

EMBODIMENT 15

[0523] The works with a copyright include those which make use of thecopyright and those which do not make use of the copyright. The workswith no copyright include those to which no copyright is given by a lawand those whose copyright duration has expired. All works except thosewhich have no existing copyright have a copyright, and they are normallyprovided with a mark for indicating the copyright which preventsinfringement of the copyright.

[0524] The same is applied to data. In case of data with a copyright,indication of a copyright or an author mark is given to the data to beused or to the file header of the data in order to prevent theinfringement of the copyright.

[0525] Further, by adding the copyright flag indicative of the data withcopyright to the file, and by identifying the copyright flag in the userterminal, it is possible to prevent the infringement of the datacopyright.

[0526] However, even if the indication on a copyright is given to data,when a user disregards the copyright of the data work, that results inthe infringement of the copyright. To prevent the above case, in theabove mentioned embodiments, data is encrypted and a decryption key fordecrypting the encrypted data is managed so as to perform encryption ordecryption by a crypt key different from the decryption key whendecrypted data is stored, copied, or transmitted.

[0527] Even in this case, there may be the possibility of storing,copying, or transferring data without using a cryptographic keydifferent from a decryption key by transferring the data to a memoryother than the main memory of a user terminal while the data is presentin the main memory of the user terminal.

[0528] To prevent the above case, it is the best to incorporate datacopyright utilization software into a basic system of a user terminal,indicate the file of a data work to which a copyright is given with anattribute for making use of the copyright, make the basic system of theuser terminal monitor the attribute for using the copyright of the datawork, and make the data copyright utilization software manage the datawork having the copyright using attributes.

[0529] The basic system means a software operating system such as DOSwhen the user terminal is a computer such as a personal computer or ahardware operating system stored in a ROM when the user terminal is aportable information terminal or STB (set top box).

[0530] To more completely manage a data copyright with the operatingsystem, it is preferable to incorporate the data copyright utilizationsoftware into a higher-level operating system.

[0531] Every processing and every data in the user terminal is undercontrol of an operating system. In other words, the operating system canstore every processing and data information in the user terminal.Therefore, it is possible to make the copyright control programautomatically manage the data copyright in accordance with a datautilization condition held by the operating system without resorting toa user instruction. According to the above arrangement, a user caneasily use a data copyright and the data copyright can more completelybe managed.

[0532] Further, it is desirable that the copyright control program formanaging the crypt key, data copyright information, the copyright labelor the like is kept in a system area controlled by the operating systemitself; i.e., the system area the user program cannot access.

[0533] Even in this case, however, if part of a data work is extractedand used, it is difficult to manage the data copyright. Therefore, whenan operating system detects such a situation, it is possible to managethe copyright of the extracted part of the data by configuring a systemso as to add copyright information and the copyright using attributesowned by original data to the extracted part of the data by thecopyright control program.

[0534] Further, to allow the extracted data to inherit the copyright ofthe original data work, a “has-a” link, which is a parent and childrelationship, is formed between the extracted data and the original datawork with the copyright control program.

[0535] With such a configuration, it is possible to allow the new datato inherit the copyright of each original data work in the case wherethe user extracts and incorporates his own desired portion from aplurality of copyright data to create new data.

EMBODIMENT 16

[0536] Because a copyright is a kind of property right, it is a matterof course that the charges for using the copyright occurs. Further,services such as offering of a secret-key and a copyright controlprogram should be performed for charge.

[0537] The simplest method for paying these charges is a combination ofa bill and payment. However, this method is complex in its operation andfurther may cause a trouble such as nonpayment even though the chargefor using a copyright is directly paid.

[0538] There is a charge collection substitution method performed by,for example, a communication line enterprise, which is simple and hasonly a small risk of nonpayment because charges are collected by thecommunication line enterprise. However, it is necessary to pay acommission for charge collection substitution because charges are notdirectly collected.

[0539] To solve the above problem, there is a method for using digitalcash. The digital cash is digital data used instead of cash in acomputer connected to a communication network, which is encrypted andused.

EMBODIMENT 17

[0540] Further, the configuration of the data copyright managementsystem described above can be applied not only to the data distributionbut also to the distribution of the digital cash.

[0541] The digital cash system which has been proposed so far is basedon a secret-key cryptosystem. The encrypted digital cash data istransferred from a bank account or a cash service of a credit company,and is stored in the IC card so that a terminal device for input/outputis used to make a payment. The digital cash system which uses the ICcard as a cash-box can be used at any place such as shops or the like aslong as the input/output terminal is available. However, the systemcannot be used at places such as homes or the like where no input/outputterminal is available.

[0542] Since the digital cash is an encrypted data, any device can beused as the cash-box which stores digital cash data, in addition to theIC card, as long as the device can store encrypted data and transmit thedata to the party to which the payment is made. As a terminal which canbe specifically used as the cash-box, there are personal computers,intelligent television sets, portable telephone sets such as personaldigital assistant (PDA), personal handyphone system (PHS), intelligenttelephone sets, and PC cards or the like which has the input/outputfunction.

[0543] In transactions where such terminals are used as a cash-box fordigital cash, the digital cash system can be actualized by replacing inthe configuration of the data copyright control system, database 1 witha customer's bank, a first user terminal 4 with a customer, the seconduser terminal 5 with a retailer, copyright management center 18 with aretailer's bank and a third user terminal 6 with a wholesaler or amanufacturer.

[0544] Further, it is desirable that the digital cash is processed as anobject associated with data and functions instead of being simple data.

[0545] In handling digital cash, there are a common digital cash form,an unentered digital cash form private for an owner, an entry column inthe digital cash form private for the owner, digital cash data showingan amount of money, an instruction of handling digital cash, and adigital cash form private for the owner in which an amount of money isentered. In an object-oriented programming, the concepts such as anobject, a class, a slot, a message and an instance are used.

[0546] In the corresponding relations, the common digital cash formbecomes an object, the unentered digital cash form private for an ownerbecomes a class, the entry column of a digital cash form private for theowner becomes a slot, the instruction of handling digital cash becomes amessage and the digital cash form private for the owner in which anamount of money is entered becomes an instance. Digital cash datacomprising the amount of money and the like is used as an argument.Then, the data is transferred and stored in a slot which is referred toas an instance variable by the message so that a new instance is madewhich is digital cash in which the amount of money is renewed.

[0547] The digital cash which constitutes an object will be explained byusing FIG. 7. In FIG. 7, reference numerals 23, 25 and 27 represent adigital cash form private for the customer in which the amount of moneystored in a customer terminal is entered, 29 represents a digital cashform private for the retail shop in which the amount of money stored ina retail shop terminal is entered, and 24, 26 and 28 represents accountsof each customer's bank.

[0548] Customer 23 draws out necessary amount of money from the account24 to use the digital cash, and transfers the data 31 of the digitalcash to the digital cash form 23 which is stored in the terminal. Inthis case, residual amount data 30 of the digital cash is usuallyentered in the digital cash form 23. The digital cash form is not aclass but an instance. The drawn out data 31 of the digital cash istransferred as an argument to the slot which is an entry column of thedigital cash form 23 with the message instructing the addition to theresidual amount data 30 of the digital cash. Then the drawn out data 31of the digital cash is added to the residual amount data 30 of thedigital cash in the digital cash form 23 so that a new instance iscreated in which the amount of money in the entry column of the digitalcash form 23 is changed.

[0549] In the case where the customer makes a payment to the retailshop, the payment data 32 of the digital cash which corresponds to thepaid amount is transferred as an argument to the slot which is an entrycolumn of the digital cash form 23 with the message instructing thesubtraction from the amount in the entry column of the digital cash form23. Then payment data 32 of the digital cash is subtracted from theresidual amount data 30 and the drawn out data 31 in the digital cashform 23 so that a new instance is created in which the amount of moneyin the entry column of the digital cash form 23 is changed.

[0550] Further, the payment data 32 of the digital cash is transferredto the digital cash form 29 private for the retail shop.

[0551] A similar withdrawal processing and payment processing areperformed by digital cash forms 25 and 27 for other customers. Thepayment data 33 of the digital cash is transferred from the digital cashform 25, and the payment data 34 of the digital cash is transferred fromthe digital cash form 27 to the digital cash form 29 private for theretail shop.

[0552] In the case of the digital cash 29 private for the retail shop,the residual amount data 35 of the digital cash is usually entered. Thepayment data 32 of the digital cash, the payment data 33 of the digitalcash, and the payment data 34 of the digital cash are transferred asarguments to the slot which is an entry column of the digital cash form29 with the message instructing the addition to the residual amount data35 of the digital cash so that the payment data 32, 33 and 34 of thedigital cash are added to the residual amount data 35 of the digitalcash, and a new instance is created in which the amount of-money in theentry column of the digital cash form 29 is changed.

[0553] In a normal object-oriented programming, it is impossible that anargument is transferred to a slot with the message so that a newinstance is created and the newly created instance as a whole istransferred. However, in the case of the digital cash, since thecryptosystem is used for security, an instance can be created in whichthe payment data of the digital cash is entered at the payer. Thisinstance can be encrypted and transferred to the payee.

[0554] An embodiment of the transaction system will be explained inwhich the digital cash is transferred via a communication network byusing FIG. 8. The embodiment is a modification of embodiment 9 by usinga system shown in FIG. 4. In FIG. 4, reference numeral 36 represents acustomer, 37 a bank of customer 36, 38 a retail shop, 39 a bank ofretail shop 38, 40 a manufacturer, 41 a bank of manufacturer 40, 8 apublic line provided by a communication enterprise or a communicationnetwork such as CATV line provided by a cable television enterprise.Customer 36, customer's bank 37, retail shop 38, retail shop's bank 39,manufacturer 40, manufacturer's bank 41 can be mutually connected withcommunication network 8. In this system, customer 36 can use cashservice offered by a credit company other than banks and he can alsointerpose appropriate number of wholesalers between the retail shop andthe manufacturer.

[0555] In addition, 42 and 43 are either IC cards or PC cards in whichdigital cash data is stored. The cards are used when the communicationnetwork is not used.

[0556] In FIG. 8, the broken line represents a path of encrypted digitalcash data, the solid line represents a path of requests from thecustomer, the retail shop or the manufacturer, and the one-dot chainline represents a path of the secret-key from each bank.

[0557] Further, in this embodiment, the first secret-key prepared bycustomer's bank 37, the second secret-key generated by the customer, thethird secret-key generated by the retail shop, and the fourth secret-keyprepared by the manufacturer are used as crypt keys.

[0558] In this embodiment, customer's bank 37, retail shop's bank 39,and manufacturer's bank 41 are explained as separate entities. These canbe considered as a financial system as a whole.

[0559] The digital cash management program P for encrypting anddecrypting the digital cash data is preliminary distributed to customer36 and is stored in the user terminal. Further, it is possible totransfer the digital cash management program P together with data everytime a transaction with the bank is executed. Further, it is desirableto install the common digital cash programs P in all banks.

[0560] Customer 36 uses the user terminal to designate the amount ofmoney via communication network 8 to request a withdrawal from theaccount of customer's bank 37 to the bank. At this time, the terminalpresents customer information Ic.

[0561] Customer's bank 37 which receives the customer's request ofwithdrawal from the account selects or generates the first secret-keyKs1 so that the digital cash data M0 of the amount is encrypted by thefirst secret-key Ks1:

[0562] Cm0ks1=E(Ks1, M0)

[0563] and the encrypted digital cash data Cm0ks1 and the firstsecret-key Ks1 for a decrypting key are transferred to customer 36, andthe customer information Ic and the first secret-key Ks1 are stored.

[0564] In this case, the first secret-key Ks1 can be selected from whatis preliminary prepared by customer's bank 37, and also may be generatedby presentation of the customer information Ic at the time of withdrawalof the customer using the digital cash management program P on the basisof the customer information Ic:

[0565] Ks1=P(Ic).

[0566] In this manner, the first secret-key Ks1 can be private forcustomer 36. At the same time, it is not necessary to transfer the firstsecret-key Ks1 to customer 36 so that the security of the system can beheightened. Further, the first secret-key Ks1 can be generated on thebasis of the bank information Ibs of customer's bank 37 or on the basisof the bank information Ibs and the date of key generation.

[0567] Customer 36 to which the encrypted digital cash data Cm0ks1 andthe first secret-key Ks1 are transferred generates the second secret-keyKs2 according to one or both of the customer information Ic and thefirst secret-key Ks1 using the digital cash management program P:

[0568] Ks2=P(Ic)

[0569] The generated second secret-key Ks2 is stored in the userterminal.

[0570] Further, customer 36 uses the secret-key Ks1 to decrypt theencrypted digital cash data Cm0ks1 with the digital cash managementprogram P:

[0571] M0=D(Ks1, Cm0ks1)

[0572] and the content is confirmed. When the decrypted digital cashdata M0 whose content is confirmed is stored in the user terminal whichis a cash-box, the generated second secret-key Ks2 is used to encryptthe content by the digital cash management program P:

[0573] Cm0Ks2=E(Ks2, M0).

[0574] The first secret-key Ks1 is disused at this time.

[0575] Customer 36 who wishes to buy an article from retail shop 38decrypts the encrypted digital cash data Cm0ks2 which is stored in theuser terminal as a cash-box by the digital cash management program P byusing the second secret-key Ks2:

[0576] M0=D(Ks2, Cm0ks2)

[0577] and the digital cash data M1 which corresponds to the necessaryamount of money is encrypted by the second secret-key ks2 using thedigital cash management program P:

[0578] Cm1ks2=E(Ks2, M1)

[0579] and then, the payment is made by transmitting the encrypteddigital cash data Cm1ks2 to the user terminal as a cash-box of retailshop 38 via communication network 8.

[0580] At this time, the customer information Ic is also transmitted tothe user terminal of retail shop 38.

[0581] Further, the residual amount digital cash data M2 is encrypted bythe second secret-key Ks2 using the digital cash management program P:

[0582] Cm2ks2=E(Ks2, M2)

[0583] and stored in the user terminal of customer 36.

[0584] Retail shop 38 to which the encrypted digital cash data Cm1ks2and the customer information Ic are transferred stores the transferredencrypted digital cash data Cm1ks2 and customer information Ic in theuser terminal. At the same time, the customer information Ic ispresented to retail shop's bank 39 via communication network 8 forconfirming the content and the transmission for decryption key isrequested.

[0585] Retail shop's bank 39 which is requested by retail shop 38 totransmit the second secret-key Ks2 transmits the request of thetransmission of the second secret-key Ks2 and the customer informationIc to customer's bank 37.

[0586] Customer's bank 37 which is requested to transmit the secondsecret-key Ks2 from retail shop's bank 39 generates the secondsecret-key Ks2 according to the customer information Ic by the digitalcash management program P in the case where the second secret-key Ks2 isbased only on the customer information Ic, or generates the secondsecret-key Ks2 according to the customer information Ic and the firstsecret-key Ks1 by the digital cash management program P in the casewhere the second secret-key Ks2 is based on the customer information Icand the first secret-key Ks1, and transmits the generated secondsecret-key Ks2 to shop's bank 39.

[0587] Retail shop's bank 39 to which the second secret-key Ks2 istransmitted from the customer's bank 37 transmits the second secret-keyKs2 to retail shop 38 via communication network 8. Retail shop 38 towhich the second secret-key Ks2 is transferred decrypts the encrypteddigital cash data Cm1ks2 by the second secret-key Ks2 using the digitalcash management program P:

[0588] M1=D(Ks2, Cm1ks2)

[0589] After confirming the amount of money, retail shop 38 transfersthe article to customer 36.

[0590] In this case, retail shop 36 can directly request the transfer ofthe second secret-key Ks2 to customer's bank 37 instead of retail shop'sbank 39.

[0591] In cases where the digital cash received by retail shop 38 isdeposited in the account of retail shop's bank 39, the customerinformation Ic is transferred to retail shop's bank 39 together with theencrypted digital cash data Cm1ks2 via communication network 8.

[0592] Retail shop's bank 39 to which the encrypted digital cash dataCm1ks2 and the customer information Ic are transferred requests thetransfer of the second secret-key Ks2 to customer's bank 37 bytransmitting the customer information Ic.

[0593] Customer's bank 37, which is requested to transfer the secondsecret-key Ks2 from retail shop's bank 39, generates the secondsecret-key Ks2 according to the customer's information Ic by the digitalcash management program P when the second secret-key Ks2 is only basedon the customer's information Ic, or generates the second secret-key Ks2according to the customer's information Ic and the first secret-key Ks1by the digital cash management program P when the second secret-key Ks2is based on the customer's information Ic and the first secret-key Ks1,then the generated second secret-key Ks2 is transferred to retail shop'sbank 39.

[0594] Retail shop's bank 39, to which the second secret-key Ks2 istransferred from customer's bank 37, decrypts the encrypted digital cashdata Cm1ks2 by the second secret-key Ks2 using the digital cashmanagement program P:

[0595] M1=D(Ks2, Cm1ks2)

[0596] and the decrypted digital cash data M1 is deposited in the bankaccount of retail shop 39.

[0597] In the general trade system, retail shop 38 stocks products frommanufacturer 40 or from the whole sale shops which come between retailshop 38 and the manufacturer 40. Then retail shop 38 sells the productsto customer 36. Consequently, a transaction form is present betweencustomer 36 and retail shop 38 just as between retail shop 38 andmanufacturer 40.

[0598] The handling of the digital cash between retail shop 38 andmanufacturer 40 is not basically different from the handling of thedigital cash which is carried out between customer 36 and retail shop38. Therefore, the explanation will be omitted for the sake of clarity.

[0599] In this digital cash system, the digital cash is handled throughbank. As information such as the processed amount of the digital cash,date, and the secret-key demanding party information with respect to thehandling of the digital cash is stored in the customer's bank, theresidual amount and usage history can be obtained.

[0600] Even in the case where the user terminal which is a cash-boxstoring the digital cash data cannot be used owing to the loss or thebreakage, it is possible to reissue the digital cash on the basis of theresidual amount and usage history maintained in the customer's bank.

[0601] It is desirable to add a digital signature to the digital cashdata for improve the security of the digital cash. In this embodiment,digital cash is added by the customer's information which may beaccompanied by digital signature. Therefore, the digital cash in theembodiment can also have a function of settlement system for checquesdrawn by customers.

[0602] Also this system can be applied to various systems such as anegotiation of a draft by a letter of credit and a bill of lading in theinternational trading, which have been executed by documents.

EMBODIMENT 18

[0603] The digital cash in the digital cash system which is explained inembodiment 17 is always handled through bank. However, since it ispossible to handle the digital cash without bank intervention, thedigital cash system in which the bank does not intervene will beexplained.

[0604] In the digital cash system, a public-key and a private-key areused as crypt keys for encrypting the digital cash data. The secret-keyks and customer information Ic used in embodiment 17 is not used.Consequently, in this digital cash system, the digital cash is used inthe same form as money.

[0605] Since other points are not different from the systemconfiguration shown in embodiment 17, concrete explanation is omitted.

[0606] The party which receives the digital cash from a bank, acustomer, a retail shop or a manufacturer with respect to this digitalcash system prepares the public-key and the private-key. The public-keycan be preliminary sent to the party which is scheduled to make apayment, or can be sent to the party before a transaction is executed.Here an explanation is made on the supposition that the key ispreliminary distributed.

[0607] Customer 36 requests to customer's bank 37 for withdrawing themoney from the bank account via communication network 8 from a userterminal, by indicating an amount of the money.

[0608] Customer's bank 37 which receives the request for withdrawingmoney from customer 36 encrypts the digital cash data Mo of the amountof money drawn by a customer public-key Kbc which is preliminary sent,using the digital cash management program P

[0609] Cm0kbc=E(Kbc, M0)

[0610] and transfers the encrypted digital cash data Cm0kbc to customer36.

[0611] Customer 36 to which the encrypted digital cash data Cm0kbc istransferred decrypts the digital cash data by the customer private-keyKvc which corresponds to the customer public-key Kbc using the digitalcash management program P:

[0612] M0=D(Kvc, Cm0kbc)

[0613] Customer 36 confirms the content and changes the residual amountto M2(=M0+M1) in the case where there is a residual amount data M1 inthe terminal. Then, the digital cash data M2 the amount of which ischanged is encrypted with the customer public-key Kbc with the digitalcash management program P:

[0614] Cm2kbc=E(Kbc, M2)

[0615] and stored in the terminal.

[0616] Customer 36 who wishes to buy products from retail shop 38decrypts the encrypted digital cash data Cm2Kbc stored in the terminalby the customer private-key Kvc using the digital cash managementprogram P:

[0617] M2=D(Kvc, Cm2kbc)

[0618] and encrypts the digital cash data M3 corresponding to therequired amount of money with the digital cash management program P bythe retail shop public-key Kbs which is preliminary sent:

[0619] Cm3kbs=E(Kbs, M3)

[0620] The payment is made by transferring the digital cash data to theterminal of retail shop 38 via communication network 8.

[0621] Further, the residual amount digital cash data M4(=M2-M3) isencrypted by the customer public-key Kbc using the digital cashmanagement program P:

[0622] Cm4kbc=E(Kbc, M4)

[0623] and stored in the terminal.

[0624] Retail shop 38 to which the encrypted digital cash data Cm3Kbs istransferred decrypts the digital cash data with the digital cashmanagement program P by the retail shop private-key Kvs corresponding tothe retail shop public-key Kbs:

[0625] M3=D(Kvs, Cm3kbs)

[0626] Retail shop 38 confirms the content and changes the residualamount data to M6(M5+M3) in the case where the residual amount data M5is present in the terminal. Then, the digital cash data M6 in which theamount of money is changed is encrypted with the retail shop public-keyKbs with the digital cash management program P:

[0627] Cm6kbs=E(Kbs, M6)

[0628] and stored in the terminal.

[0629] Retail shop 38 which is willing to settle the stock account ofproducts to manufacturer 40 makes the settlement using the same manner.

[0630] In the general trade system, retail shop 38 stocks productseither from manufacturer 40 or the wholesaler placed between retail shop38 and manufacturer 40 and sells the products to customer 36.Consequently, a trade form similar to the trade form between customer 36and retail shop 38 is present between retail shop 38 and manufacturer40.

[0631] Since the handling of the digital cash between retail shop 38 andmanufacturer 40 is not basically different from the handling of digitalcash between customer 36 and retail shop 38, an explanation is omittedfor the sake of clarity.

[0632] In the embodiments 17 and 18, a configuration of a data copyrightmanagement system explained by using FIG. 4 is applied to actualize thedigital cash system. Further, customer information is used and thesecret-key to be used is altered in embodiment 17. The public-key andthe private-key are used in embodiment 18.

[0633] However, as a system configuration for actualizing the digitalcash system, the configuration of other copyright management systemssuch as any configuration of the data copyright management system shownin FIGS. 1, 2, 3 and 5 can be applied. Further, as a cryptosystem usedin the case, any of the cryptosystems explained in embodiments 1 through13 using the non-altered secret-key, the public-key and the private-key,a combination of the secret-key, public-key and the private-key, andcomplex keying can be applied.

EMBODIMENT 19

[0634] In the video conference system, a television picture has beenadded to the conventional voice telephone set. Advanced video conferencesystem shows a system in which a computer system is incorporated in thevideo conference system so that the quality of the voice and the pictureare improved, and data can be handled simultaneously with the voice andthe picture.

[0635] Under these circumstances, security against the violation of theuser's privacy and the data leakage due to eavesdropping by personsother than the participants of the conference are protected by thecryptosystem using a secret-key.

[0636] However, since the conference content obtained by theparticipants themselves are decrypted, when participants themselvesstore the content of the conference and sometimes edit the content andfurther, use for secondary usage such as distribution to the personsother than the participants of the conference, the privacy of otherparticipants of the video conference and data security-remainsunprotected.

[0637] In particular, as the compression technology of the transmissiondata is advanced and the volume of the data storage medium increases, itis possible that all the content of the video conference is copied tothe data storage medium or transmitted via a network.

[0638] In view of the circumstances, embodiment 19 is intended; whenvideo conference participants perform secondary use, to secure theprivacy of other participants and data security by using theaforementioned configuration of the data copyright management system.

[0639] This video conference data management system can be actualized,for example, by replacing database 1 in the data copyright managementsystem configuration shown in FIG. 4 with a participant of the videoconference, the first user terminal 4 with another participant of thevideo conference, and the second user terminal 5 with non-participant ofthe video conference.

[0640] Embodiment 19 will be explained by using FIG. 9. Referring toFIG. 9, reference numeral 44 represents a participant as a host of thevideo conference, 45 a participant of the video conference as a guest,46 a non-participant of the video conference as a user, 47 anon-participant of the video conference as another user, 8 acommunication network such as a public telephone line provided by thecommunication enterprise and a CA television line provided by the cabletelevision enterprise or the like. Participant 44 of the videoconference is connected to participant 45 of the video conference viacommunication network 8. Further, participant 45 of the video conferencecan be connected to non-participant 46 of the video conference, andnon-participant 46 of the video conference to non-participant 47 of thevideo conference, via communication network 8. Reference numeral 48represents a data recording medium.

[0641] Referring to FIG. 9, the broken line is a path of the encryptedvideo conference content, the solid line is a path requesting the cryptkey from non-participants 46 and 47 of the television conference toparticipant of the television conference 44, and the one-dot chain lineis a path of crypt keys from participant of the video conference 44 toparticipant of the video conference 45 and non-participants of the videoconference 46 and 47.

[0642] In this embodiment, a video conference data management system isdescribed here only for the protection for data security and privacy incase of video conference participant 44 to simplify the explanation.However, it is of course, possible to protect for data security andprivacy of the video conference participant 45.

[0643] A video conference data management program P forencryption/decryption of the video conference data is previouslydistributed to video conference participant 45 and video conferencenon-participants 46 and 47, and is stored in each terminal. The videoconference data management program P may be transferred whenever a cryptkey is transferred.

[0644] In this embodiment, further, a first secret-key prepared by videoconference participant 44, a second secret-key prepared by videoconference participant 45 and a third secret-key prepared by videoconference non-participant 46 are also used.

[0645] Video conference participant 44 and video conference participant45 perform the video conference by transmitting audio, picture and data(referred to as video conference data on the whole) each other, usingeach terminal via communication network 8. Before the video conference,video conference participant 44 generates or selects the firstsecret-key Ks1 to transfer to video conference participant 45 prior tothe start of the video conference.

[0646] Video conference participant 45 receives the first secret-key Ks1and generates the second secret-key Ks2 by the first secret-key Ks1using the video conference data management program P:

[0647] Ks2=P(Ks1).

[0648] The generated second secret-key Ks2 is stored in the terminal.

[0649] Participant 44 of the video conference encrypts the videoconference data M0 with the first secret-key Ks1 in the video conferencevia communication network 8:

[0650] Cm0ks1=E(Ks1, M0)

[0651] and transfers the encrypted video conference data Cm0ks1 to videoconference participant 45.

[0652] Participant 45 of the video conference who receives the videoconference data Cm0ks1 encrypted by the first secret-key Ks1 decryptsthe video conference data Cm0ks1 by the first secret-key Ks1:

[0653] M0=D(ks1, Cm0ks1)

[0654] and uses decrypted video conference data M0.

[0655] Further, the second secret-key Ks2 is generated based on thefirst secret-key Ks1 with the video conference data management programP:

[0656] Ks2=P(Ks1).

[0657] In the case where the decrypted video conference data M0 isstored in the terminal of participant 45 of the video conference, copiedto data record medium 48, or transferred to the non-participant of thevideo conference via communication network 8, the data M is encrypted bythe second secret-key Ks2 using the video conference data managementprogram P:

[0658] Cmks2=E(Ks2, M).

[0659] The encrypted data Cmks2 is copied to record medium 48 orsupplied to the non-participant of the video conference viacommunication network 8, together with the video conference data name orthe video conference data number.

[0660] Non-participant 46 of the television conference who obtains theencrypted data CmKs2 makes a request to participant 44 for the secondaryuse of the video conference data M from the terminal by specifying thename or number of the video conference data.

[0661] Participant 44 of the video conference who receives the requestfor the second use of the data M finds out the first secret-key Ks1according to the name or the number of the video conference data name ornumber to generate the second secret-key Ks2 based on the firstsecret-key Ks1:

[0662] Ks2=P(Ks1)

[0663] and supplies the generated second secret-key Ks2 tonon-participant 46 of the video conference.

[0664] Non-participant 46 of video conference who receives the secondsecret-key Ks2, decrypts the encrypted data Cmks2 by the secondsecret-key Ks2 by using the television conference data managementprogram P:

[0665] M=D(Ks2, Cmks2)

[0666] and then, uses decrypted video conference data M.

[0667] In the case where the video conference data M is stored in theterminal of non-participant 46 of the video conference, copied to recordmedium 49, or transmitted to non-participant 47 of the video conference,the video conference data M is encrypted by the second secret-key Ks2using the video conference data management program P:

[0668] Cmks2=E(Ks2, M).

[0669] The third secret-key Ks3 may be generated on the basis of thesecond secret-key Ks2 with the television conference data managementprogram P:

[0670] Ks3=P(Ks2)

[0671] The data M can be encrypted with the video conference datamanagement program P by this generated third secret-key Ks3:

[0672] Cmks3=E(Ks3, M).

[0673] In embodiment 19 described above, the configuration of the datacopyright management system which is explained by using FIG. 4 forrealizing the video conference data management system is applied andalter the secret-key which has been used.

[0674] However, as a configuration of a system for realizing the videoconference data system, other system configuration, for example, any ofsystem configurations shown in FIGS. 1, 2, 3,4 and 5 can be applied.Further, as cryptosystem used in such a case, the non-alteredsecret-key, the public-key and the private-key,a combination of thesecret-key, the public-key and the private-key, and the complex keyingwhich is explained from embodiment 1 to 13 can be applied.

[0675] Further, in this explanation, it is supposed that the participantof the video conference as a guest stores and uses the video conferencedata, copies the data on the record medium and transfers the data viathe communication network. It is also possible to limit these actions bydisusing the crypt key used in the encryption process.

EMBODIMENT 20

[0676] As described above, each user who uses the system of the presentinvention must previously be entered in a database system, and whenentered in the system, software for database is supplied to the user.

[0677] Because the software includes not only normal communicationsoftware such as a data communication protocol but also a program fordecrypting a copyright control program by a first crypt key, it needs tobe protected.

[0678] In the case of the present invention, a first crypt key K1, asecond crypt key K2, and a copyright control program P are transferredto each user in order to use data M. Therefore, each user must keepthese keys and the program. Further, the copyright information label,user information, the public-key and private-key in the public-keycryptosystem and the program containing algorithm for generating thesecret-key are kept when needed.

[0679] For keeping them, it is the simplest to use a flexible disk.However, in the flexible disk it is easy to lose or alter data.

[0680] A hard disk drive is also unstable against losing or alteringdata though it is more stable than the flexible disk.

[0681] Recently, IC cards have become available in which an IC elementis sealed in a card-like package. Particularly, standardization of a PCcard with a microprocessor sealed in it has progressed as a PCMCIA(Personal Computer Memory Card International Association) card or JEIDAcard.

[0682]FIG. 10 shows an embodiment of the database copyright managementsystem of the present invention constituted by using the PC card. InFIG. 10, reference numeral 50 represents a microprocessor of a userterminal, 51 represents a system bus, and 52 represents a PC card inwhich a PC card microprocessor 53, read-only memory 55, andrandom-access memory 56 are sealed. System bus 51, microprocessor 53,read-only memory 55, random-access memory 56 are connected with eachother by PC card microprocessor bus 54.

[0683] Read-only memory 55 stores fixed information such as database,software and user data as a database. Read-only memory 55 also stores afirst crypt key, a second crypt key, and a copyright control programsupplied from key control center 9 or a copyright management center.Because data is also written in read-only memory 55, it is the simplestto use an EEPROM for memory 55.

[0684] As previously described, because data, the crypt key, and thecopyright control program can be encrypted and supplied to the users, inorder to use data it is necessary to decrypt these crypt key, copyrightcontrol program and the data.

[0685] To perform the above operations, microprocessor 50 of the userterminal uses the software, crypt key and copyright control programstored in read-only memory 55 of PC card 52.

[0686] In this case, however, there is a risk that these datainformation may be used illegally because they are transferred to theuser terminal. To avoid the risk, it is necessary to make microprocessor55 in PC card 52 perform every operation by using random-access memory56 through CPU bus 54 and transfer results only to the user terminal forvarious types of utilization.

[0687] It is understood that particular embodiments described hereinshould not limit the present invention thereby. This invention can bepracticed in connection with any data management system. For example,when the PC card is used, a different unit can be used as the userterminal. It is also possible to use a board or external unit having theabove functions in addition to the PC card.

[0688] Thus, a database copyright control system has been described,which is applicable to multimedia system.

Claims of the Present Invention:
 1. A data copyright management systemfor managing the copyright of data which is encrypted and supplied froma database to a user, said data copyright management system having thedatabase and a key control center; wherein a key for decrypting saidencrypted data is supplied from said key control center to said user;said user uses said key for decrypting when said user displays or editssaid data to decrypt said encrypted data; and said data is re-encryptedwhen said user stores, copies or transfers said data or data which hasbeen edited.
 2. A data copyright management system according to claim 1wherein said key used in said reencryption is different from said keyfor decryption.
 3. A data copyright management system according toclaims 1 or 2 wherein a copyright control program is further used formanaging the copyright of said data.
 4. A data copyright managementsystem according to claim 3 wherein said data copyright control programis stored in a ROM of a device which said user uses.
 5. A data copyrightmanagement system according to claim 3 wherein said data copyrightcontrol program is stored in system area controlled by an operatingsystem of the device which said user uses.
 6. A data copyrightmanagement system according to claims 1, 2, 4 or 5 wherein a copyrightinformation which is not encrypted with respect to said data copyrightis further used.
 7. A data copyright management system according toclaim 3 wherein a copyright information which is not encrypted withrespect to said data copyright is further used.
 8. A data copyrightmanagement system according to claims 1, 2, 4, 5 or 7 wherein saidcopyright information which is not encrypted added to said encrypteddata as a copyright information label, said copyright information labelbeing stored, copied or transmitted together with said data in the casewhere said data is stored, copied or transmitted.
 9. A data copyrightmanagement system according to claim 3 wherein said copyrightinformation which is not encrypted added to said encrypted data as acopyright information label, said copyright information label beingstored, copied or transmitted together with said data in the case wheresaid data is stored, copied or transmitted.
 10. A data copyrightmanagement system according to claim 6 wherein said copyrightinformation which is not encrypted added to said encrypted data as acopyright information label, said copyright information label beingstored, copied or transmitted together with said data in the case wheresaid data is stored, copied or transmitted.
 11. A data copyrightmanagement system according to claim 8 wherein a digital signature isadded to said copyright information label.
 12. A data copyrightmanagement system according to claim 9 wherein a digital signature isadded to said copyright information label.
 13. A data copyrightmanagement system according to claim 10 wherein a digital signature isadded to said copyright information label.
 14. A data copyrightmanagement system for using data encrypted and supplied from a databaseto a user, said data copyright management system comprising thedatabase, a key control center and a copyright management center,wherein said data copyright management system uses secret-key, userinformation and copyright control program; said database encrypts thedata with first secret-key to distribute the data to a first user viacommunication network, communication and broadcasting satellite, andrecord medium; said first user provides the first user information tosaid key control center to request the use; said key control centertransfers said first user information to said copyright managementcenter; said key control center transfers the copyright control programtogether with said first secret-key and second secret-key to said firstuser via said communication network; said first user uses said firstsecret-key with said copyright control program to decrypts aid encrypteddata for use; and said data decrypted is re-encrypted in the case wheresaid decrypted data is stored, copied or transmitted with said copyrightcontrol program by using said second secret-key, and uncrypted-firstuser information is added.
 15. A data copyright management systemaccording to claim 14 wherein said first secret-key and said secondsecret-key are disused with said copyright control program, when saiddecrypted data is copied or transmitted; and said first user requestsfor the retransfer of said second secret-key for the reuse of saidreencrypted data to said copyright management center so that said secondsecret-key is retransmitted.
 16. A data copyright management systemaccording to claim 15 wherein the copy or transmit of said encrypteddata is registered in said copyright management center according to theretransfer of said second secret-key.
 17. A data copyright managementsystem according to claim 15 or 16 wherein second user presents saidfirst user information to request the use to said copyright managementcenter; said copyright management center transfers said secondsecret-key and third secret-key, and said copyright control program tosaid second user after confirming the retransfer of said secondsecret-key to said first user; said second user decrypts said encrypteddata with said copyright control program by using said secondsecret-key; and said data is reencrypted and redecrypted with saidcopyright control program by using said third secret-key when saiddecrypted data is stored, copied or transmitted.
 18. A data copyrightmanagement system according to claims 14, 15, or 16 wherein said secondsecret-key is generated on the basis of any one or more of said firstsecret-key, said user information, and the usage frequency of saidcopyright control program with said copyright control program.
 19. Adata copyright management system according to claim 17 wherein saidsecond secret-key is generated on the basis of any one or more of saidfirst secret-key, said user information, and the usage frequency of saidcopyright control program with said copyright control program.
 20. Adata copyright management system for using data encrypted and suppliedfrom a database to a user, said data copyright management systemcomprising a database, a key control center and a copyright managementcenter; wherein said data copyright management system uses secret-key,user information and copyright control program; first user presents thefirst user information to the database to request the use of the data;said database encrypts requested said data by using first secret-key andtransfers it to said first user via said communication network togetherwith said first secret-key, second secret-key and said copyright controlprogram; said key control center transfers said first user informationto said copyright management center; said key control center transfersthe copyright control program together with said first and secondsecret-keys to said first user via said communication network; saidfirst user decrypts and uses said encrypted data with said copyrightcontrol program by using said first secret-key; and said data decryptedis re-encrypted when said decrypted data is stored copied or transmittedwith said copyright control program by using said second secret-key, anduncrypted first user information is added.
 21. A data copyrightmanagement system according to claim 20 wherein said first and secondsecret-keys are disused with said copyright control program when saiddecrypted data is copied or transmitted; said first user requestsretransfer of said second secret-key for the reuse of the reencrypteddata to said copyright management center; and said second secret-key isretransferred.
 22. A data copyright management system according to claim21 wherein the copy or transmit of said encrypted data is registered insaid copyright management center according to the retransfer of saidsecond secret-key.
 23. A data copyright management system according toclaim 21 or 22 wherein second user presents said first user information,to request the use to said copyright management center; said copyrightmanagement center transfers said second secret-key, third secret-key andsaid copyright control program to said second user after confirming theretransfer of said second secret-key to the first user; said second userdecrypts said encrypted data with said copyright control program byusing said second secret-key; and said data is reencrypted andredecrypted with said copyright control program by using said thirdsecret-key in the case where said decrypted data is stored, copied ortransmitted.
 24. A data copyright management system according to claims20, 21, or 22 wherein said second secret-key is generated on the basisof any one or more of said first secret-key, said user information, andthe usage frequency of said copyright control program with saidcopyright control program.
 25. A data copyright management systemaccording to claim 23 wherein said second secret-key is generated on thebasis of any one or more of said first secret-key, said userinformation, and the usage frequency of said copyright control programwith said copyright control program.
 26. A data copyright managementsystem for using data encrypted and supplied from a database to a user,said data copyright management system comprising a database, a keycontrol center and a copyright management center; said data copyrightmanagement system uses secret-key, public-key and private-key; firstuser presents first public-key, second public-key and first userinformation to request the use of the desired data to said key controlcenter; said database which receives the request for use encrypts saiddata by using first secret-key, encrypts said first secret-key by usingsaid first public-key, and encrypts second secret-key by using saidsecond public-key; said encrypted data, said encrypted first secret-key,said encrypted second secret-key and said copyright control program aretransmitted to said first user; said first user decrypts said encryptedfirst secret-key by using first private-key, decrypts said encrypteddata by using said decrypted first secret-key, and decrypts saidencrypted second secret-key by using second private-key, with saidcopyright control program; said data is encrypted and decrypted withsaid copyright control program by using the second secret-key in thecase where said decrypted data is stored, copied or transmitted.
 27. Adata copyright management system according to claim 26 wherein saidfirst and second secret-keys are disused with said copyright controlprogram when said decrypted data is copied or transmitted; said firstuser who reuses said encrypted data requests for the retransfer of saidsecond secret-key for the reuse of said reencrypted data to saidcopyright management center; and said second secret-key isretransferred.
 28. A data copyright management system according to claim27 wherein the copy or transmit of said encrypted data is registered insaid copyright management center.
 29. A data copyright management systemaccording to claim 27 or 28 wherein second user presents said first userinformation to request the use to said copyright management center; saidcopyright management center transfers said second secret-key, thirdsecret-key, and said copyright control program to said second user afterconfirming the retransfer of said second secret-key to said first user;said second user decrypts said encrypted data with said copyrightcontrol program by using said second secret-key; and said data decryptedis reencypted and redecrypted with said copyright control program byusing said third secret-key in the case where said decrypted data isstored, copied or transmitted.
 30. A data copyright management systemaccording to claims 26, 27, or 28 wherein said second secret-key isgenerated on the basis of any one or more of said first secret-key, saiduser information, and the usage frequency of said copyright controlprogram.
 31. A data copyright management system according to claim 29wherein said second secret-key is generated on the basis of any one ormore of said first secret-key, said user information, and the usagefrequency of said copyright control program.
 32. A data copyrightmanagement system for using a plurality of data encrypted each bydifferent secret-keys and supplied from database to a user, said systemusing a secret-key, user information and a copyright control program,said data copyright management system comprising: first user obtainingfrom a copyright management center a plurality of copyright controlprograms unique to original said plurality of data and a plurality offirst secret-keys to decrypt said plurality of original data with aplurality of said first secret-keys; one or a plurality of secondsecret-keys being generated with a plurality of copyright controlprograms unique to said plurality of original data; wherein saidplurality of original data which are used or edited are encrypted withsaid one or a plurality of second secret-keys with said plurality ofcopyright control programs unique to said plurality of original data tobe stored, copied or transmitted together with the edition process data;and said plurality of original data or said plurality of edited dataencrypted with said one or plurality of second secret-keys are decryptedwith said one or plurality of second secret-keys and said plurality ofcopyright control programs obtained from said copyright managementcenter for second user to use and edit by using said edition process.33. A data copyright management system according to claim 32 whereinsaid second secret-key is generated with said copyright control programon the basis of any one or more of said first secret-keys and said userinformation.
 34. A data copyright management system for using dataencrypted and supplied from a database to a user, using a crypt key,user information and a copyright control program, comprising: said userpresenting user information to said database; said database supplyingsaid data encrypted with first crypt key to first user; said first usergenerating a second crypt key based on said first crypt key with saidcopyright control program; said encrypted data being decrypted by usingsaid first crypt key in the case where said first user uses saidencrypted data; and said decrypted data being reencrypted by using saidsecond crypt key in the case where said first user stores, copies ortransmits said decrypted data.
 35. A data copyright management systemaccording to claim 34 wherein said crypt key is a secret-key.
 36. A datacopyright management system according to claim 34 wherein said crypt keyis a public-key and a private-key.
 37. A digital cash management systemfor using digital cash encrypted and supplied from a financialorganization to first user, comprising: said financial organizationsupplying a key for decrypting said encrypted digital cash data to saidfirst user; said digital cash data being decrypted by using saiddecrypting key in the case where said first use confirms said digitalcash data; and said data being reencrypted in the lase where said firstuser stores said decrypted digital cash case where changed digital cashdata is stored, or in the case where digital cash data is transmitted tosaid second user.
 38. A digital cash management system according toclaim 37 wherein the key used in said reencryption is a crypt key whichis different from said decrypting key.
 39. A digital cash managementsystem according to claims 37 or 38 wherein a digital cash managementprogram is further used for managing said digital cash.
 40. A digitalcash management system according to claims 37 or 38 wherein first userinformation which is not encrypted is further used.
 41. A digital cashmanagement system according to claim 39 wherein first user informationwhich is not encrypted is further used.
 42. A digital cash managementsystem according to claims 37 or 38 wherein said first user informationwhich is not encrypted is added to said encrypted digital cash data asthe first user information label to be stored or transmitted togetherwith said digital cash data in the case where said digital cash data isstored, in the case where changed digital cash data is stored, or in thecase where said digital cash data is transmitted to the second user. 43.A digital cash management system according to claim 39 wherein saidfirst user information which is not encrypted is added to said encrypteddigital cash data as the first user information label to be stored ortransmitted together with said digital cash data in the case where saiddigital cash data is stored, in the case where changed digital cash datais stored, or in the case where said digital cash data is transmitted tothe second user.
 44. A digital cash management system according to claim40 wherein said first user information which is not encrypted is addedto said encrypted digital cash data as the first user information labelto be stored or transmitted together with said digital cash data in thecase where said digital cash data is stored, in the case where changeddigital cash data is stored, or in the case where said digital cash datais transmitted to the second user.
 45. A digital cash management systemaccording to claim 41 wherein said first user information which is notencrypted is added to said encrypted digital cash data as the first userinformation label to be stored or transmitted together with said digitalcash data in the case where said digital cash data is stored, in thecase where changed digital cash data is stored, or in the case wheresaid digital cash data is transmitted to the second user.
 46. A digitalcash management system according to claim 42 wherein a digital signatureis added to said first user information label.
 47. A digital cashmanagement system according to claim 43 wherein a digital signature isadded to said first user information label.
 48. A digital cashmanagement system according to claim 44 wherein a digital signature isadded to said first user information label.
 49. A digital cashmanagement system according to claim 45 wherein a digital signature isadded to said first user information label.
 50. A digital cashmanagement system for using digital cash encrypted and supplied from afinancial organization to a first user, said system using a crypt key,user information and digital cash management program, comprising: saidfirst user presenting the first user information to said financialorganization; said financial organization providing said first user withsaid digital cash data encrypted by the first crypt key; wherein saidfirst user generates a second crypt key on the basis of said first cryptkey with said digital cash management program; said encrypted digitalcash data is decrypted by using said first crypt key in the case wheresaid first user confirms said encrypted digital cash data; said digitalcash data decrypted is reencrypted by using said second crypt key to bestored said first user; said decrypted digital cash data is reencryptedby using said second crypt key and said digital cash data reencrypted istransmitted to second user together with said first user information inthe case where said decrypted digital cash data is transmitted to saidsecond user; said first user information is presented to said financialorganization from said second user; said financial organizationgenerates said second crypt key based on said first user information andtransfers said second crypt key to said second user; and said seconduser decrypts said reencrypted digital cash data with said digital cashmanagement program by using said second crypt key which is transferred.51. A digital cash management system according to claim 50 wherein saidcrypt key is a secret-key.
 52. A digital cash management systemaccording to claim 50 wherein said crypt key is-a public-key and aprivate-key.
 53. A digital cash management system for using a digitalcash encrypted and supplied from a financial organization to first user,said system using a public-key and a private-key, comprising: said firstuser presenting first public-key to said financial organization; saidfinancial organization encrypting digital cash data with said firstpublic-key to supply to said first user; said first user decrypting saiddigital cash data by using first private-key; second user presentingsecond public-key to said first user; said first user encrypting saiddigital cash data which is decrypted with said second public-key totransfer to said second user; and said second user decrypting saiddigital cash data by using second private-key.
 54. A video conferencedata management system for using video conference data encrypted andsupplied from first user to second user, comprising: a key fordecrypting said encrypted video conference data being supplied from saidfirst user to said second user; said encrypted video conference databeing decrypted by using said decrypting key in the case where saidsecond user uses said video conference data; and said data beingreencrypted in the case where said second user stores decrypted saidvideo conference data, in the case where edited video conference data isstored, or in the case where said video conference data is transmittedto third user.
 55. A video conference data management system accordingto claim 54 wherein a crypt key used for said re-encryption is differentfrom said decrypting key.
 56. A video conference data management systemaccording to claims 54 or 55 wherein a video conference data managementprogram for managing said video conference data is further used.
 57. Avideo conference data management system according to claims 54 or 55wherein first user information which is not encrypted is further used.58. A video conference data management system according to claim 56wherein first user information which is not encrypted is further used.59. A video conference copyright management system according to claims54 or 55 wherein said uncrypted first user information is added to saidencrypted video conference data as the first user information labelwhich is copied or transmitted together with said video conference datain the case where said video conference data is stored, in the casewhere the edited video conference data is stored, or in the case wherethe video conference data is transmitted to third user.
 60. A videoconference copyright management system according to claim 56 whereinsaid uncrypted first user information is added to said encrypted videoconference data as the first user information label which is copied ortransmitted together with said video conference data in the case wheresaid video conference data is stored, in the case where the edited videoconference data is stored, or in the case where the video conferencedata is transmitted to third user.
 61. A video conference copyrightmanagement system according to claim 57 wherein said uncrypted firstuser information is added to said encrypted video conference data as thefirst user information label which is copied or transmitted togetherwith said video conference data in the case where said video conferencedata is stored, in the case where the edited video conference data isstored, or in the case where the video conference data is transmitted tothird user.
 62. A video conference copyright management system accordingto claim 58 wherein said uncrypted first user information is added tosaid encrypted video conference data as the first user information labelwhich is copied or transmitted together with said video conference datain the case where said video conference data is stored, in the casewhere the edited video conference data is stored, or in the case wherethe video conference data is transmitted to third user.
 63. A videoconference data management system according to claim 59 wherein adigital signature is added to said first user information label.
 64. Avideo conference data management system according to claim 60 wherein adigital signature is added to said first user information label.
 65. Avideo conference data management system according to claim 61 wherein adigital signature is added to said first user information label.
 66. Avideo conference data management system according to claim 62 wherein adigital signature is added to said first user information label.
 67. Avideo conference data management system for using video conference dataencrypted and supplied from first user to second user, said system usinga crypt key, user information, and video conference data managementprogram: wherein said second user presents second user information tosaid first user; said first user supplies to said second user said videoconference data encrypted with the first crypt key; said second useruses said video conference data management program to generate thesecond crypt key based on said first crypt key; said encrypted videoconference data is decrypted by using said first crypt key in the casewhere said second user uses said encrypted video conference data; andsaid decrypted video conference data is reencrypted by using said secondcrypt key in the case where said second user stores, copies or transmitssaid decrypted video conference data.
 68. A video conference datamanagement system according to claim 67 wherein said crypt key is asecret-key.
 69. A video conference data management system according toclaim 67 wherein said crypt key is a public-key and a private-key.
 70. Adata copyright management apparatus connected for use to a system bus inmain body of user terminal, comprising a microprocessor, a read onlymemory, reading and writing memory and EEPROM connected to amicroprocessor bus: